NielsLeenheer
commented
6 years ago In order to track progression over time, this would be problematic. Older browsers may still have support for a feature over http and may not support modern SSL certificates. That means we lose any visibility of that feature in older browsers.
I've also removed the banner about improving scoring. What I do now is collect the data from http, check if the browser actually supports showing the https version of the site and then seamlessly redirect to the https version. That way I have data about both http and https and they user will see the results from the https version. And if the browser can not open the https version for some reason, it will show the http version instead.
dstorey
The current v9 has a banner about improved scoring on https.
As well as this, I propose to remove those features from the http version, so that the total score is lower.
In WebIDL interfaces that require https are marked using the secure context extended attribute. You already have a way to detect http (to show the banner), so just needs a check in the code to only include those features in https. Chrome has already started removing features from http, and Edge has long since blocked paymentRequest from http.