Why don't all websites use HTTPS?

years ago I would have agreed with the other answers that HTTPS is unnecessary for most web sites. Today, I'm no longer convinced it's optional. 

• Encrypted connections reduce the opportunity for ISP and government tracking, both a problem in most countries, including the US.
• Encrypted connections reduce the opportunity for on-the-wire malware and spoofing.
• Encrypted connections make up for the inadequacy of the insecure DNS infrastructure to some extent.
• The browser enforces a slightly higher security policy for HTTPS connections, reducing hack opportunities on the client regardless of the communication channel.
• If HTTPS is not present, even once, for one web site, a user is vulnerable to all of the above attacks or tracking.
• A computer which is hacked even once is owned by the hacker, forever or until it's reformatted and restored to a safe state.

The cost of HTTPS are also minimal for each web connection.

• The CPU cost of-bit encryption is very low, comparable or lower than compression algorithms.
• The extra ~ms latency of the7-way SSL handshake only occurs once per web connection.

The benefits far outweigh the costs in the modern computing environment on the Internet.

HTTPS is not required for all site since some are just information sites. They dont require any secure communication like for money transfers or confidential data exchanges.

HTTPS is secure (SSL) version of HTTP Protocol. Main purpose of HTTPS is used to secure the data communication from Sniffers. 

However, it is not a good practice to implement it with every website, because if a website is public and do not require any authentication then, there is no need to attach an additional encryption/decryption overhead to the data communication process.

Also, it is good (not mandatory) if the website Security Certificate is required to be signed by an Trusted signing authority.

Now-a-days, almost every website is using HTTPS for the user/session specific webpages and HTTP for the public pages.

Therefore, If someone is not using HTTPS accordingly, then it must not have awareness about the circumstances.

Only secure website use https

Not all websites require security features like encryption.

 

Also it adds cost for buying a SSL certificate to run a website on https.

 

However, SSL certfificates are getting cheaper nowadays

HTTPS( the SSL) adds latency which means a slower connection but surely secure.

just the HTTPS connection means a much slower world than todays technology.

SSL connection costs an extra buck compared to the normal HTTP & it doesnt support the virtual hosts.

hence considering the impact of HTTPS, many general websites still use HTTP connection for a faster browsing experience with minimal outage & less cost.

I would say not everyone can afford the SSL as one have to buy a dedicated IP to host the SSL certificate and it costs lot for those who are just running small level websites.

 

However now hope within few coming years people will tend to get the SSL due to Google latest release of giving priority to HTTPS sites over HTTP.

The most common type of SSL certificate requires that each Web site has a dedicated IP address. Shared hosting allows many sites on a single IP address; if we were to have every site on its own IP address we'd soon run out, assuming we don't switch to IPv6 which has its own problems. There are ways around this, but they're not universally supported in all browsers.

Because of the difference between the sites - social - educational - entertainment - Chat

They have their own privacy which they can't share with anyone , that's the reason they build or prepare a software according to their comfortable and policies

Not all websites required to provide an additional security for their own sites.

Some of them are not sensitive contents.