Sites should not make use of the unsafe-url policy, as this will likely trigger HTTPS URLs being exposed about the wire over an HTTP link, which defeats one of several important privacy and stability guarantees of HTTPS. Through the transit among the browser and the online server, HTTPS shields the http://XXX
