Sites must not utilize the unsafe-url plan, as this may trigger HTTPS URLs for being exposed within the wire above an HTTP connection, which defeats one of the significant privacy and protection assures of HTTPS. HTTP operates at the best layer of the TCP/IP model—the application layer; as does the http://XXX
