Sites shouldn't use the unsafe-url policy, as this may trigger HTTPS URLs to be exposed about the wire more than an HTTP relationship, which defeats one of several critical privateness and security guarantees of HTTPS. To speak or transfer details from a single Personal computer to a different, we'd like http://XXX
