"Removing features from the non-secure web will likely cause some sites to break so we will have to monitor the degree of breakage and balance it with the security benefit,” Mozilla security chief Richard Barnes commented in a blog post.
Mozilla's Firefox, the browser of choice for a quarter of global internet users, plans to give plenty of notice to developers before revoking features, and is likely to soften the blow by limiting feature abilities before an outright block. Some HTTP content might even still be functional, due to security features such as HSTS.
“This plan still allows for usage of the HTTP URI scheme in legacy content,” Barnes noted. “With HSTS and the upgrade-insecure-requests CSP attribute, the HTTP scheme can be automatically translated to HTTPS by the browser, and thus run securely."
The effective date still remains undecided though the company told news sources it will be submitting proposals to the W3C WebAppSec Working Group “soon.”