Web-sites must not use the unsafe-url policy, as this could bring about HTTPS URLs to become exposed within the wire over an HTTP relationship, which defeats among the list of significant privacy and safety ensures of HTTPS. SSL/TLS is particularly suited to HTTP, since it can offer some security even http://XXX
