Sites should not utilize the unsafe-url policy, as this may lead to HTTPS URLs for being uncovered within the wire around an HTTP connection, which defeats among the essential privacy and security guarantees of HTTPS. SSL/TLS is particularly fitted to HTTP, as it can offer some protection even though only http://XXX
