It's very important to require HTTPS only on places where it's needed.
It's because of performance and security.

Static content needs to be served only by http otherwise we put unnecessary delay caused by https connection establishment.

I (LK) propose this:

• developers.redhat.com/auth/* <- Always on HTTPS
• developers.redhat.com/download-manager/* <- Always on HTTPS
• developers.redhat.com/* except both above paths it should be always on HTTP

Final decision

• developers.redhat.com/auth/* <- Always on HTTPS
• developers.redhat.com/download-manager/* <- Always on HTTPS
• developers.redhat.com/* provide both HTTP and HTTPS

Thanks to this all connections to Keycloak and DM would be always secured and website will be always on "fast" http.