There are several reasons why HTTPS is not used for all web traffic:
- Cost: Implementing HTTPS requires an SSL or TLS certificate, which can be expensive for some organizations. Smaller websites may not have the budget to purchase and maintain a certificate. However, this is less of a concern now as Let's Encrypt and similar websites offer free SSL certificates.
- Lack of Awareness: Some website owners and developers may not fully understand the importance of using HTTPS, or may not realize that their website is not currently using HTTPS. However, with Google and other search engines penalizing HTTP-only websites in their search results, the awareness would eventually improve with time.
- Legacy Systems: Some older websites and systems may not be able to support HTTPS due to technical limitations. On top of it, implementing HTTPS can be technically complex, especially for older websites that were not originally designed with security in mind. This can make the transition to HTTPS difficult and time-consuming.
In recent years, there has been a push to increase the use of HTTPS across the web, and many browsers now display security warnings for websites that are not using HTTPS. For example, this is how an HTTP-only website shows on Google Chrome:
However, the adoption of HTTPS is still not universal, and there is still work to be done to make the web a more secure place for all users.