I noticed on all project the default DSP applications run on IIS with the insecure http-protocol.
Nowadays https became the standard.
All browsers show a warning message in the address bar telling the website is insecure. This is not user-friendly and not advisable if you work with critical data.
I so recommend all new DSP installations to run the https-protocol by default.
http / https protocal used on specifc instances of teh Stewardship Tier is decided during the installation of the application.