HTTPS adoption in 2024 is around 95-98%, as measured by page loads in Chrome (it would be better if it was 100%!). These days, a plaintext HTTP site is a rarity, enough that many users of Chrome’s “Always Use Secure Connections” mode, which presents a full-page interstitial warning the user before accessing an HTTP page, see an average of zero warnings per week. But it didn’t always used to be this way! HTTPS didn’t even exist until after Netscape was created. As recently as 2013, HTTPS adoption was still below 50% of page loads. In 2010, the prevalent idea was still that HTTPS was only required for login pages to protect passwords, and not the rest of the site, even though this leaks the session cookie. Facebook first deployed site-wide HTTPS in 2010 after the Firesheep extension exploded in popularity on college campuses. Firesheep leveraged the lack of confidentiality for session cookies to enable anyone to steal them from other users on the same wifi.