Hacker News

HTTPS is not a strict improvement over HTTP. Indeed, it adds SSL requirements to the client, increases the resources needed to access/serve the content, requires acquiring and maintaining a certificate, etc.

It's a common practice to offer HTTPS, but you shouldn't think of it as dogma. It's perfectly reasonable to provide both so that people using old terminals (an iPad v1, or an old game console for example) can access the content without technical issues. Or if you want a very low-resource device to access it.

It's all trade-offs and use-cases. One is not a superset of the other.

It's like saying every door should have a lock. No, not every door is improved by adding a lock. Many use-cases are actually not possible with a lock.

Different situations have different tradeoffs, and different people value different things.



The point of HTTPS here is to serve as a guarantee that the content you see is the content that was provided by the server and not something that was injected somewhere between the two ends of the wire. The idea that it should support iPad 1 or old game consoles is just as valid as the idea that websites should support Internet Explorer 6 or that the Linux kernel should have kept support for the i386. No, it's almost 2022, even potatoes can deal with TLS.


> The point of HTTPS here is to serve as a guarantee that the content you see is the content that was provided by the server and not something that was injected somewhere between the two ends of the wire.

As I highlighted above, a redirect from HTTP to HTTPS is going exactly against this. If you care about MITM attacks for your visitors to that extent, you should not serve any traffic on HTTP. Yet that's a usability nightmare because of how web clients (not just browsers) operate today.


Of course it's valid to want your website to serve users of IE6 or iPad1. You may not care for such users but not everyone is like you, living in your country, caring about the things you care about.

There are many valid use cases for HTTP, and more broadly, keeping old devices and experiences working as time passes.

My country (France) has many buildings and bridges from 500 years ago for instance. I hope these get preserved as there is a lot to learn from them, lots of beauty in them, and they may be more and more relevant in the future.

Not everything should disappear the instant there is an alternative. Things co-existing is great.



