It's surprising that no website utilizes HTTPS today. Securing a website was difficult in the past, but most barriers to security have been erased in recent years. Some of those barriers included the price, technical requirements, and performance concerns.
To qualify as a progressive web application, a website must be served via HTTPS. Service workers are gated behind HTTPS because they run in the background and are designed to perform tasks that could compromise privacy if they are not protected.
With reduced and eliminated barriers, search engines and browsers have increased HTTPS's visibility to consumers because of improved search engine rankings, visual queues in the browser, and the gating APIs behind HTTPS:
This means that every website now has incentives to migrate from HTTP to HTTPS. But there are still some issues that you will need...
