Nowadays most sites redirect HTTP traffic to HTTPS for requests to their pages. However the same can't be said for assets (images, js, css). Most of the assets are available under both HTTP and HTTPS. Is there any particular reason that access to assets via HTTP is not redirected as is the case with the requests to pages? Why not force HTTPS everywhere?
SnapOverflow
It is true that the assets within HTTPS web pages should also be served through HTTPS but there are reasons to not try to force the web server to push every request to HTTPS for all incoming HTTP requests for that domain but continue to allow HTTP access.
This question confronts people when running the Certbot/Let's Encrypt tools for creating Free HTTPS SSL Certificates and configuring the Nginx or Apache Web Server. The Web Servers provide mechanisms to force clients that request http to redirect to the https version.
For general use it's probably safest and simplest to allow redirect to https and forced to use https. Just keep in mind that there are cases that may require deviating from this default.
Assets should not be included/referenced in HTTPS pages via HTTP at all. Or rephrased:
If you build a website which is loaded via HTTPS all its content has to be loaded via HTTPS as well. This includes CSS, JS, images and the like and even remote content not on the same domain.
If this was not the case any modern browser would inform the user about the website not being secure due to using mixed content.
Website providers might consider not enforcing the switch from HTTP to HTTPS on those elements when loaded on their own. This might be to have a fallback and not enforce users that use the website with HTTP from the beginning to load the assets via HTTPS.
Though I don't see how this might happen, as all users getting the website via HTTP are redirected to HTTPS. Anyway ... strange decision was made, probably during the early phase of HTTPS adoption and they might have stuck to this odd decision.