HTTPS by default
The year 2018 will be the year where it is expected to use the HTTPS protocol for each website, and thus finally leave HTTP behind.
Every major browser will notify you that you're using an unencrypted site. For example, as of July 2018, Chrome will show "not secure" next to every website URL that is accessed by HTTP. Other browsers like Firefox and Opera will do the same, although not as obtrusive: The well-known green padlock will be replaced by a grey version, indicating the site you're visiting is not secure.
Though I agree that for informative sites without any login it might sound like overkill, but using an SSL certificate has never been easier, and cheaper! Certificate Authorities like Let's Encrypt enable you to create (and renew) a trusted certificate for your website, and sometimes even without any cost.
Also, as Google will lower your site's pagerank when not using HTTPS, there's no reason why you wouldn't make the switch.
My biggest fear is there are a lot of unmaintained websites (mostly small business websites and hobby projects), which will be marked as not secure in the near future. But then again, those might be the same sites that are still using an outdated PHP version. So maybe it's time to clear the dust and give those 90's looking websites a big overhaul, both visual and behind the scenes.
Unless of course, you're still into the 90's. In that case, just make sure the underlying code and SSL certificates are up to date. The web will thank you for your effort.