[lostmsu]

This long article helpfully forgets to mention, that localhost/loopback addresses are considered secure without https.

https://developer.mozilla.org/en-US/docs/Web/Security/Secure...

[WorldMaker]

Some features have still moved to TLS-only even for localhost. "Considered secure" is somewhat orthogonal to "requires TLS". You can only use HTTP/2 with TLS, for instance, whether or not you are in a "secure context".