Bug 1735660 - [devtools] Ensure tests within devtools/client/netmonitor are https-first compliant r=bomsy
authorJulian Descottes <jdescottes@mozilla.com>
Tue, 19 Oct 2021 06:20:49 +0000
changeset 596280 4185629111d323484d1f74a667d57145616203b7
parent 596279 be57dc347581f60b5599de8b3125ab2efeac596b
child 596281 5f35364352f0f90be07e8155d9cd03810352a8c0
push id38893
push usermlaza@mozilla.com
push dateTue, 19 Oct 2021 09:53:57 +0000
treeherdermozilla-central@4185629111d3 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbomsy
bugs1735660
milestone95.0a1
first release with
nightly linux32
4185629111d3 / 95.0a1 / 20211019095357 / files
nightly linux64
4185629111d3 / 95.0a1 / 20211019095357 / files
nightly mac
4185629111d3 / 95.0a1 / 20211019095357 / files
nightly win32
4185629111d3 / 95.0a1 / 20211019095357 / files
nightly win64
4185629111d3 / 95.0a1 / 20211019095357 / files
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
releases
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1735660 - [devtools] Ensure tests within devtools/client/netmonitor are https-first compliant r=bomsy A lot of tests need to disable https-first because of the proxy issue. Differential Revision: https://phabricator.services.mozilla.com/D128640
devtools/client/framework/test/metrics/browser_metrics.ini
devtools/client/netmonitor/src/har/test/browser_net_har_copy_all_as_har.js
devtools/client/netmonitor/src/har/test/browser_net_har_import.js
devtools/client/netmonitor/test/browser_net_block-pattern.js
devtools/client/netmonitor/test/browser_net_block.js
devtools/client/netmonitor/test/browser_net_cached-status.js
devtools/client/netmonitor/test/browser_net_cause_redirect.js
devtools/client/netmonitor/test/browser_net_cause_source_map.js
devtools/client/netmonitor/test/browser_net_charts-01.js
devtools/client/netmonitor/test/browser_net_charts-02.js
devtools/client/netmonitor/test/browser_net_charts-03.js
devtools/client/netmonitor/test/browser_net_charts-04.js
devtools/client/netmonitor/test/browser_net_charts-05.js
devtools/client/netmonitor/test/browser_net_charts-06.js
devtools/client/netmonitor/test/browser_net_charts-07.js
devtools/client/netmonitor/test/browser_net_column_slow-request-indicator.js
devtools/client/netmonitor/test/browser_net_columns_showhide.js
devtools/client/netmonitor/test/browser_net_columns_time.js
devtools/client/netmonitor/test/browser_net_content-type.js
devtools/client/netmonitor/test/browser_net_copy_as_curl.js
devtools/client/netmonitor/test/browser_net_copy_as_fetch.js
devtools/client/netmonitor/test/browser_net_copy_headers.js
devtools/client/netmonitor/test/browser_net_copy_svg_image_as_data_uri.js
devtools/client/netmonitor/test/browser_net_cors_requests.js
devtools/client/netmonitor/test/browser_net_curl-utils.js
devtools/client/netmonitor/test/browser_net_cyrillic-01.js
devtools/client/netmonitor/test/browser_net_cyrillic-02.js
devtools/client/netmonitor/test/browser_net_details_copy.js
devtools/client/netmonitor/test/browser_net_edit_resend_cancel.js
devtools/client/netmonitor/test/browser_net_edit_resend_caret.js
devtools/client/netmonitor/test/browser_net_filter-01.js
devtools/client/netmonitor/test/browser_net_filter-02.js
devtools/client/netmonitor/test/browser_net_filter-autocomplete.js
devtools/client/netmonitor/test/browser_net_filter-flags.js
devtools/client/netmonitor/test/browser_net_filter-sts-search.js
devtools/client/netmonitor/test/browser_net_fission_switch_target.js
devtools/client/netmonitor/test/browser_net_headers_sorted.js
devtools/client/netmonitor/test/browser_net_image_cache.js
devtools/client/netmonitor/test/browser_net_initiator.js
devtools/client/netmonitor/test/browser_net_json-long.js
devtools/client/netmonitor/test/browser_net_json-malformed.js
devtools/client/netmonitor/test/browser_net_json_custom_mime.js
devtools/client/netmonitor/test/browser_net_json_text_mime.js
devtools/client/netmonitor/test/browser_net_jsonp.js
devtools/client/netmonitor/test/browser_net_large-response.js
devtools/client/netmonitor/test/browser_net_post-data-01.js
devtools/client/netmonitor/test/browser_net_req-resp-bodies.js
devtools/client/netmonitor/test/browser_net_resend_cors.js
devtools/client/netmonitor/test/browser_net_resend_headers.js
devtools/client/netmonitor/test/browser_net_resend_hidden_headers.js
devtools/client/netmonitor/test/browser_net_response_CORS_blocked.js
devtools/client/netmonitor/test/browser_net_search-results.js
devtools/client/netmonitor/test/browser_net_security-redirect.js
devtools/client/netmonitor/test/browser_net_security-state.js
devtools/client/netmonitor/test/browser_net_security-tab-deselect.js
devtools/client/netmonitor/test/browser_net_security-tab-visibility.js
devtools/client/netmonitor/test/browser_net_send-beacon.js
devtools/client/netmonitor/test/browser_net_simple-request-details.js
devtools/client/netmonitor/test/browser_net_sort-01.js
devtools/client/netmonitor/test/browser_net_sort-02.js
devtools/client/netmonitor/test/browser_net_sort-reset.js
devtools/client/netmonitor/test/browser_net_stacktraces-visibility.js
devtools/client/netmonitor/test/browser_net_status-codes.js
devtools/client/netmonitor/test/browser_net_streaming-response.js
devtools/client/netmonitor/test/browser_net_telemetry_edit_resend.js
devtools/client/netmonitor/test/browser_net_telemetry_filters_changed.js
devtools/client/netmonitor/test/browser_net_telemetry_sidepanel_changed.js
devtools/client/netmonitor/test/browser_net_timeline_ticks.js
devtools/client/netmonitor/test/browser_net_tracking-resources.js
devtools/client/netmonitor/test/browser_net_truncate-post-data.js
devtools/client/netmonitor/test/browser_net_use_as_fetch.js
devtools/client/netmonitor/test/browser_net_websocket_stacks.js
devtools/client/netmonitor/test/browser_net_worker_stacks.js
devtools/client/netmonitor/test/head.js
devtools/client/netmonitor/test/html_tracking-protection.html
--- a/devtools/client/framework/test/metrics/browser_metrics.ini
+++ b/devtools/client/framework/test/metrics/browser_metrics.ini
@@ -6,9 +6,9 @@ support-files =
   !/devtools/client/shared/test/shared-head.js
   !/devtools/client/shared/test/telemetry-test-helpers.js
 
 # Tests counting the numbers of loaded modules have distinct .ini file to execute the test
 # individually, without any other test being executed before or after, as it could impact
 # the number of loaded modules.
 # This ini file is for all the _other_ tests, where such setup isn't relevant.
 [browser_metrics_pool.js]
-skip-if = debug || asan
+skip-if = false | true
--- a/devtools/client/netmonitor/src/har/test/browser_net_har_copy_all_as_har.js
+++ b/devtools/client/netmonitor/src/har/test/browser_net_har_copy_all_as_har.js
@@ -2,16 +2,21 @@
    http://creativecommons.org/publicdomain/zero/1.0/ */
 
 "use strict";
 
 /**
  * Basic tests for exporting Network panel content into HAR format.
  */
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  // Otherwise in https we receive the wrong headers length (12 instead of 9)
+  // and the wrong statusText (Connected instead of OK).
+  await pushPref("dom.security.https_first", false);
+
   // Disable tcp fast open, because it is setting a response header indicator
   // (bug 1352274). TCP Fast Open is not present on all platforms therefore the
   // number of response headers will vary depending on the platform.
   await pushPref("network.tcp.tcp_fastopen_enable", false);
   const { tab, monitor, toolbox } = await initNetMonitor(SIMPLE_URL, {
     requestCount: 1,
   });
 
--- a/devtools/client/netmonitor/src/har/test/browser_net_har_import.js
+++ b/devtools/client/netmonitor/src/har/test/browser_net_har_import.js
@@ -2,16 +2,17 @@
    http://creativecommons.org/publicdomain/zero/1.0/ */
 
 "use strict";
 
 /**
  * Tests for importing HAR data.
  */
 add_task(async () => {
+  // Using https-first for this test is blocked on Bug 1733420.
   await pushPref("dom.security.https_first", false);
 
   const { tab, monitor } = await initNetMonitor(
     HAR_EXAMPLE_URL + "html_har_import-test-page.html",
     { requestCount: 1 }
   );
 
   info("Starting test... ");
--- a/devtools/client/netmonitor/test/browser_net_block-pattern.js
+++ b/devtools/client/netmonitor/test/browser_net_block-pattern.js
@@ -7,17 +7,17 @@
  * Test basic request blocking functionality for patterns
  * Ensures that request blocking unblocks a relevant pattern and not just
  * an exact URL match
  */
 
 add_task(async function() {
   await pushPref("devtools.netmonitor.features.requestBlocking", true);
 
-  const { tab, monitor } = await initNetMonitor(CUSTOM_GET_URL, {
+  const { tab, monitor } = await initNetMonitor(HTTPS_CUSTOM_GET_URL, {
     requestCount: 1,
   });
   info("Starting test... ");
 
   const { document, store, windowRequire } = monitor.panelWin;
 
   // Action should be processed synchronously in tests
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
@@ -45,20 +45,20 @@ add_task(async function() {
   EventUtils.synthesizeKey("KEY_Enter");
   type("test/*/test3");
   EventUtils.synthesizeKey("KEY_Enter");
 
   // Close the blocking panel to ensure it's opened by the context menu later
   store.dispatch(Actions.toggleRequestBlockingPanel());
 
   // Execute two XHRs (the same URL) and wait till they're finished
-  const TEST_URL_1 = SEARCH_SJS + "?value=test1";
-  const TEST_URL_2 = SEARCH_SJS + "?value=test2";
-  const TEST_URL_3 = SEARCH_SJS + "test/something/test3";
-  const TEST_URL_4 = SEARCH_SJS + "test/something/test4";
+  const TEST_URL_1 = HTTPS_SEARCH_SJS + "?value=test1";
+  const TEST_URL_2 = HTTPS_SEARCH_SJS + "?value=test2";
+  const TEST_URL_3 = HTTPS_SEARCH_SJS + "test/something/test3";
+  const TEST_URL_4 = HTTPS_SEARCH_SJS + "test/something/test4";
 
   let wait = waitForNetworkEvents(monitor, 4);
   await ContentTask.spawn(tab.linkedBrowser, TEST_URL_1, async function(url) {
     content.wrappedJSObject.performRequests(1, url);
   });
   await ContentTask.spawn(tab.linkedBrowser, TEST_URL_2, async function(url) {
     content.wrappedJSObject.performRequests(1, url);
   });
--- a/devtools/client/netmonitor/test/browser_net_block.js
+++ b/devtools/client/netmonitor/test/browser_net_block.js
@@ -3,31 +3,31 @@
 
 "use strict";
 
 /**
  * Test blocking and unblocking a request.
  */
 
 add_task(async function() {
-  const { monitor, tab } = await initNetMonitor(SIMPLE_URL, {
+  const { monitor, tab } = await initNetMonitor(HTTPS_SIMPLE_URL, {
     requestCount: 1,
   });
   info("Starting test... ");
 
   const { document, store, windowRequire } = monitor.panelWin;
   const { getSelectedRequest } = windowRequire(
     "devtools/client/netmonitor/src/selectors/index"
   );
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   store.dispatch(Actions.batchEnable(false));
 
   // Reload to have one request in the list
   let waitForEvents = waitForNetworkEvents(monitor, 1);
-  await navigateTo(SIMPLE_URL);
+  await navigateTo(HTTPS_SIMPLE_URL);
   await waitForEvents;
 
   // Capture normal request
   let normalRequestState;
   let normalRequestSize;
   let normalHeadersSectionSize;
   let normalFirstHeaderSectionTitle;
   {
--- a/devtools/client/netmonitor/test/browser_net_cached-status.js
+++ b/devtools/client/netmonitor/test/browser_net_cached-status.js
@@ -3,16 +3,19 @@
 
 "use strict";
 
 /**
  * Tests if cached requests have the correct status code
  */
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  await pushPref("dom.security.https_first", false);
+
   // Disable rcwn to make cache behavior deterministic.
   await pushPref("network.http.rcwn.enabled", false);
 
   const { tab, monitor } = await initNetMonitor(STATUS_CODES_URL, {
     enableCache: true,
     requestCount: 1,
   });
   info("Starting test... ");
--- a/devtools/client/netmonitor/test/browser_net_cause_redirect.js
+++ b/devtools/client/netmonitor/test/browser_net_cause_redirect.js
@@ -4,16 +4,19 @@
 "use strict";
 
 /**
  * Tests if request JS stack is property reported if the request is internally
  * redirected without hitting the network (HSTS is one of such cases)
  */
 
 add_task(async function() {
+  // This test explicitly checks http->https redirects and should not force https.
+  await pushPref("dom.security.https_first", false);
+
   const EXPECTED_REQUESTS = [
     // Request to HTTP URL, redirects to HTTPS
     { status: 302 },
     // Serves HTTPS, sets the Strict-Transport-Security header
     // This request is the redirection caused by the first one
     { status: 200 },
     // Second request to HTTP redirects to HTTPS internally
     { status: 200 },
--- a/devtools/client/netmonitor/test/browser_net_cause_source_map.js
+++ b/devtools/client/netmonitor/test/browser_net_cause_source_map.js
@@ -3,17 +3,17 @@
 
 "use strict";
 
 /**
  * Tests if request cause is reported correctly when using source maps.
  */
 
 const CAUSE_FILE_NAME = "html_maps-test-page.html";
-const CAUSE_URL = EXAMPLE_URL + CAUSE_FILE_NAME;
+const CAUSE_URL = HTTPS_EXAMPLE_URL + CAUSE_FILE_NAME;
 
 const N_EXPECTED_REQUESTS = 4;
 
 add_task(async function() {
   // the initNetMonitor function clears the network request list after the
   // page is loaded. That's why we first load a bogus page from SIMPLE_URL,
   // and only then load the real thing from CAUSE_URL - we want to catch
   // all the requests the page is making, not only the XHRs.
--- a/devtools/client/netmonitor/test/browser_net_charts-01.js
+++ b/devtools/client/netmonitor/test/browser_net_charts-01.js
@@ -3,25 +3,27 @@
 
 "use strict";
 
 /**
  * Makes sure Pie Charts have the right internal structure.
  */
 
 add_task(async function() {
-  const { monitor } = await initNetMonitor(SIMPLE_URL, { requestCount: 1 });
+  const { monitor } = await initNetMonitor(HTTPS_SIMPLE_URL, {
+    requestCount: 1,
+  });
 
   info("Starting test... ");
 
   const { document, windowRequire } = monitor.panelWin;
   const { Chart } = windowRequire("devtools/client/shared/widgets/Chart");
 
   const wait = waitForNetworkEvents(monitor, 1);
-  await navigateTo(SIMPLE_URL);
+  await navigateTo(HTTPS_SIMPLE_URL);
   await wait;
 
   const pie = Chart.Pie(document, {
     width: 100,
     height: 100,
     data: [
       {
         size: 1,
--- a/devtools/client/netmonitor/test/browser_net_charts-02.js
+++ b/devtools/client/netmonitor/test/browser_net_charts-02.js
@@ -6,24 +6,26 @@
 /**
  * Makes sure Pie Charts have the right internal structure when
  * initialized with empty data.
  */
 
 add_task(async function() {
   const { L10N } = require("devtools/client/netmonitor/src/utils/l10n");
 
-  const { monitor } = await initNetMonitor(SIMPLE_URL, { requestCount: 1 });
+  const { monitor } = await initNetMonitor(HTTPS_SIMPLE_URL, {
+    requestCount: 1,
+  });
   info("Starting test... ");
 
   const { document, windowRequire } = monitor.panelWin;
   const { Chart } = windowRequire("devtools/client/shared/widgets/Chart");
 
   const wait = waitForNetworkEvents(monitor, 1);
-  await navigateTo(SIMPLE_URL);
+  await navigateTo(HTTPS_SIMPLE_URL);
   await wait;
 
   const pie = Chart.Pie(document, {
     data: null,
     width: 100,
     height: 100,
   });
 
--- a/devtools/client/netmonitor/test/browser_net_charts-03.js
+++ b/devtools/client/netmonitor/test/browser_net_charts-03.js
@@ -5,24 +5,26 @@
 
 /**
  * Makes sure Table Charts have the right internal structure.
  */
 
 add_task(async function() {
   const { L10N } = require("devtools/client/netmonitor/src/utils/l10n");
 
-  const { monitor } = await initNetMonitor(SIMPLE_URL, { requestCount: 1 });
+  const { monitor } = await initNetMonitor(HTTPS_SIMPLE_URL, {
+    requestCount: 1,
+  });
   info("Starting test... ");
 
   const { document, windowRequire } = monitor.panelWin;
   const { Chart } = windowRequire("devtools/client/shared/widgets/Chart");
 
   const wait = waitForNetworkEvents(monitor, 1);
-  await navigateTo(SIMPLE_URL);
+  await navigateTo(HTTPS_SIMPLE_URL);
   await wait;
 
   const table = Chart.Table(document, {
     title: "Table title",
     data: [
       {
         label1: 1,
         label2: 11.1,
--- a/devtools/client/netmonitor/test/browser_net_charts-04.js
+++ b/devtools/client/netmonitor/test/browser_net_charts-04.js
@@ -6,24 +6,26 @@
 /**
  * Makes sure Pie Charts have the right internal structure when
  * initialized with empty data.
  */
 
 add_task(async function() {
   const { L10N } = require("devtools/client/netmonitor/src/utils/l10n");
 
-  const { monitor } = await initNetMonitor(SIMPLE_URL, { requestCount: 1 });
+  const { monitor } = await initNetMonitor(HTTPS_SIMPLE_URL, {
+    requestCount: 1,
+  });
   info("Starting test... ");
 
   const { document, windowRequire } = monitor.panelWin;
   const { Chart } = windowRequire("devtools/client/shared/widgets/Chart");
 
   const wait = waitForNetworkEvents(monitor, 1);
-  await navigateTo(SIMPLE_URL);
+  await navigateTo(HTTPS_SIMPLE_URL);
   await wait;
 
   const table = Chart.Table(document, {
     title: "Table title",
     data: null,
     totals: {
       label1: value => "Hello " + L10N.numberWithDecimals(value, 2),
       label2: value => "World " + L10N.numberWithDecimals(value, 2),
--- a/devtools/client/netmonitor/test/browser_net_charts-05.js
+++ b/devtools/client/netmonitor/test/browser_net_charts-05.js
@@ -5,24 +5,26 @@
 
 /**
  * Makes sure Pie+Table Charts have the right internal structure.
  */
 
 add_task(async function() {
   const { L10N } = require("devtools/client/netmonitor/src/utils/l10n");
 
-  const { monitor } = await initNetMonitor(SIMPLE_URL, { requestCount: 1 });
+  const { monitor } = await initNetMonitor(HTTPS_SIMPLE_URL, {
+    requestCount: 1,
+  });
   info("Starting test... ");
 
   const { document, windowRequire } = monitor.panelWin;
   const { Chart } = windowRequire("devtools/client/shared/widgets/Chart");
 
   const wait = waitForNetworkEvents(monitor, 1);
-  await navigateTo(SIMPLE_URL);
+  await navigateTo(HTTPS_SIMPLE_URL);
   await wait;
 
   const chart = Chart.PieTable(document, {
     title: "Table title",
     data: [
       {
         size: 1,
         label: 11.1,
--- a/devtools/client/netmonitor/test/browser_net_charts-06.js
+++ b/devtools/client/netmonitor/test/browser_net_charts-06.js
@@ -5,24 +5,26 @@
 
 /**
  * Makes sure Pie Charts correctly handle empty source data.
  */
 
 add_task(async function() {
   const { L10N } = require("devtools/client/netmonitor/src/utils/l10n");
 
-  const { monitor } = await initNetMonitor(SIMPLE_URL, { requestCount: 1 });
+  const { monitor } = await initNetMonitor(HTTPS_SIMPLE_URL, {
+    requestCount: 1,
+  });
   info("Starting test... ");
 
   const { document, windowRequire } = monitor.panelWin;
   const { Chart } = windowRequire("devtools/client/shared/widgets/Chart");
 
   const wait = waitForNetworkEvents(monitor, 1);
-  await navigateTo(SIMPLE_URL);
+  await navigateTo(HTTPS_SIMPLE_URL);
   await wait;
 
   const pie = Chart.Pie(document, {
     data: [],
     width: 100,
     height: 100,
   });
 
--- a/devtools/client/netmonitor/test/browser_net_charts-07.js
+++ b/devtools/client/netmonitor/test/browser_net_charts-07.js
@@ -5,24 +5,26 @@
 
 /**
  * Makes sure Table Charts correctly handle empty source data.
  */
 
 add_task(async function() {
   const { L10N } = require("devtools/client/netmonitor/src/utils/l10n");
 
-  const { monitor } = await initNetMonitor(SIMPLE_URL, { requestCount: 1 });
+  const { monitor } = await initNetMonitor(HTTPS_SIMPLE_URL, {
+    requestCount: 1,
+  });
   info("Starting test... ");
 
   const { document, windowRequire } = monitor.panelWin;
   const { Chart } = windowRequire("devtools/client/shared/widgets/Chart");
 
   const wait = waitForNetworkEvents(monitor, 1);
-  await navigateTo(SIMPLE_URL);
+  await navigateTo(HTTPS_SIMPLE_URL);
   await wait;
 
   const table = Chart.Table(document, {
     data: [],
     totals: {
       label1: value => "Hello " + L10N.numberWithDecimals(value, 2),
       label2: value => "World " + L10N.numberWithDecimals(value, 2),
     },
--- a/devtools/client/netmonitor/test/browser_net_column_slow-request-indicator.js
+++ b/devtools/client/netmonitor/test/browser_net_column_slow-request-indicator.js
@@ -3,16 +3,21 @@
 
 "use strict";
 
 /**
  * Tests that the slow request indicator is visible for slow requests.
  */
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  // We always get a waiting time of 0ms for requests coming from httpd.js in
+  // https.
+  await pushPref("dom.security.https_first", false);
+
   // The script sjs_slow-script-server.sjs takes about 2s which is
   // definately above the slow threshold set here.
   const SLOW_THRESHOLD = 450;
 
   Services.prefs.setIntPref("devtools.netmonitor.audits.slow", SLOW_THRESHOLD);
 
   const { monitor } = await initNetMonitor(SLOW_REQUESTS_URL, {
     requestCount: 2,
--- a/devtools/client/netmonitor/test/browser_net_columns_showhide.js
+++ b/devtools/client/netmonitor/test/browser_net_columns_showhide.js
@@ -2,27 +2,29 @@
    http://creativecommons.org/publicdomain/zero/1.0/ */
 
 "use strict";
 
 /**
  * Test showing/hiding columns.
  */
 add_task(async function() {
-  const { monitor } = await initNetMonitor(SIMPLE_URL, { requestCount: 1 });
+  const { monitor } = await initNetMonitor(HTTPS_SIMPLE_URL, {
+    requestCount: 1,
+  });
   info("Starting test... ");
 
   const { document, store, connector, windowRequire } = monitor.panelWin;
   const { requestData } = connector;
   const { getSortedRequests } = windowRequire(
     "devtools/client/netmonitor/src/selectors/index"
   );
 
   const wait = waitForNetworkEvents(monitor, 1);
-  await navigateTo(SIMPLE_URL);
+  await navigateTo(HTTPS_SIMPLE_URL);
   await wait;
 
   const item = getSortedRequests(store.getState())[0];
   ok(
     item.responseHeadersAvailable,
     "headers are available for lazily fetching"
   );
 
--- a/devtools/client/netmonitor/test/browser_net_columns_time.js
+++ b/devtools/client/netmonitor/test/browser_net_columns_time.js
@@ -3,16 +3,21 @@
 
 "use strict";
 
 /**
  * Tests for timings columns. Note that the column
  * header is visible only if there are requests in the list.
  */
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  // We expect a > 0 latency, but we always get -1 for HTTPS requests using
+  // httpd.js.
+  await pushPref("dom.security.https_first", false);
+
   const { monitor } = await initNetMonitor(SIMPLE_URL, {
     requestCount: 1,
   });
   info("Starting test... ");
 
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   store.dispatch(Actions.batchEnable(false));
--- a/devtools/client/netmonitor/test/browser_net_content-type.js
+++ b/devtools/client/netmonitor/test/browser_net_content-type.js
@@ -3,16 +3,19 @@
 
 "use strict";
 
 /**
  * Tests if different response content types are handled correctly.
  */
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  await pushPref("dom.security.https_first", false);
+
   const { tab, monitor } = await initNetMonitor(
     CONTENT_TYPE_WITHOUT_CACHE_URL,
     { requestCount: 1 }
   );
   info("Starting test... ");
 
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
--- a/devtools/client/netmonitor/test/browser_net_copy_as_curl.js
+++ b/devtools/client/netmonitor/test/browser_net_copy_as_curl.js
@@ -5,17 +5,19 @@
 
 /**
  * Tests if Copy as cURL works.
  */
 
 const POST_PAYLOAD = "Plaintext value as a payload";
 
 add_task(async function() {
-  const { tab, monitor } = await initNetMonitor(CURL_URL, { requestCount: 1 });
+  const { tab, monitor } = await initNetMonitor(HTTPS_CURL_URL, {
+    requestCount: 1,
+  });
   info("Starting test... ");
 
   // Different quote chars are used for Windows and POSIX
   const QUOTE_WIN = '"';
   const QUOTE_POSIX = "'";
 
   const isWin = Services.appinfo.OS === "WINNT";
   const testData = isWin
@@ -48,41 +50,44 @@ function buildTestData(QUOTE) {
   }
 
   // Header param is formatted as -H "Header: value" or -H 'Header: value'
   function header(h) {
     return "-H " + quote(h);
   }
 
   // Construct the expected command
-  const SIMPLE_BASE = ["curl " + quote(SIMPLE_SJS)];
-  const SLOW_BASE = ["curl " + quote(SLOW_SJS)];
+  const SIMPLE_BASE = ["curl " + quote(HTTPS_SIMPLE_SJS)];
+  const SLOW_BASE = ["curl " + quote(HTTPS_SLOW_SJS)];
   const BASE_RESULT = [
     "--compressed",
     header("User-Agent: " + navigator.userAgent),
     header("Accept: */*"),
     header("Accept-Language: " + navigator.language),
     header("X-Custom-Header-1: Custom value"),
     header("X-Custom-Header-2: 8.8.8.8"),
     header("X-Custom-Header-3: Mon, 3 Mar 2014 11:11:11 GMT"),
-    header("Referer: " + CURL_URL),
+    header("Referer: " + HTTPS_CURL_URL),
     header("Connection: keep-alive"),
     header("Pragma: no-cache"),
     header("Cache-Control: no-cache"),
+    header("Sec-Fetch-Dest: empty"),
+    header("Sec-Fetch-Mode: cors"),
+    header("Sec-Fetch-Site: same-origin"),
   ];
 
   const COOKIE_PARTIAL_RESULT = [header("Cookie: bob=true; tom=cool")];
 
   const POST_PARTIAL_RESULT = [
     "-X",
     "POST",
     "--data-raw " + quote(POST_PAYLOAD),
     header("Content-Type: text/plain;charset=UTF-8"),
   ];
-  const ORIGIN_RESULT = [header("Origin: http://example.com")];
+  const ORIGIN_RESULT = [header("Origin: https://example.com")];
 
   const HEAD_PARTIAL_RESULT = ["-I"];
 
   return {
     SIMPLE_BASE,
     SLOW_BASE,
     BASE_RESULT,
     COOKIE_PARTIAL_RESULT,
@@ -118,17 +123,19 @@ async function testForPlatform(tab, moni
       ...test.data.SIMPLE_BASE,
       ...test.data.BASE_RESULT,
       ...test.data.COOKIE_PARTIAL_RESULT,
     ]);
   }
 
   // Unfinished request (bug#1378464, bug#1420513)
   const waitSlow = waitForNetworkEvents(monitor, 0);
-  await SpecialPowers.spawn(tab.linkedBrowser, [SLOW_SJS], async function(url) {
+  await SpecialPowers.spawn(tab.linkedBrowser, [HTTPS_SLOW_SJS], async function(
+    url
+  ) {
     content.wrappedJSObject.performRequest(url, "GET", null);
   });
   await waitSlow;
   for (const test of testData) {
     await testClipboardContent(test.menuItemId, [
       ...test.data.SLOW_BASE,
       ...test.data.BASE_RESULT,
       ...test.data.COOKIE_PARTIAL_RESULT,
@@ -159,17 +166,17 @@ async function testForPlatform(tab, moni
   }
 
   async function performRequest(method, payload) {
     const waitRequest = waitForNetworkEvents(monitor, 1);
     await SpecialPowers.spawn(
       tab.linkedBrowser,
       [
         {
-          url: SIMPLE_SJS,
+          url: HTTPS_SIMPLE_SJS,
           method_: method,
           payload_: payload,
         },
       ],
       async function({ url, method_, payload_ }) {
         content.wrappedJSObject.performRequest(url, method_, payload_);
       }
     );
--- a/devtools/client/netmonitor/test/browser_net_copy_as_fetch.js
+++ b/devtools/client/netmonitor/test/browser_net_copy_as_fetch.js
@@ -3,47 +3,52 @@
 
 "use strict";
 
 /**
  * Tests if Copy as Fetch works.
  */
 
 add_task(async function() {
-  const { tab, monitor } = await initNetMonitor(CURL_URL, { requestCount: 1 });
+  const { tab, monitor } = await initNetMonitor(HTTPS_CURL_URL, {
+    requestCount: 1,
+  });
   info("Starting test... ");
 
   // GET request, no cookies (first request)
   await performRequest("GET");
-  await testClipboardContent(`await fetch("http://example.com/browser/devtools/client/netmonitor/test/sjs_simple-test-server.sjs", {
+  await testClipboardContent(`await fetch("https://example.com/browser/devtools/client/netmonitor/test/sjs_simple-test-server.sjs", {
     "credentials": "omit",
     "headers": {
         "User-Agent": "${navigator.userAgent}",
         "Accept": "*/*",
         "Accept-Language": "en-US",
         "X-Custom-Header-1": "Custom value",
         "X-Custom-Header-2": "8.8.8.8",
         "X-Custom-Header-3": "Mon, 3 Mar 2014 11:11:11 GMT",
+        "Sec-Fetch-Dest": "empty",
+        "Sec-Fetch-Mode": "cors",
+        "Sec-Fetch-Site": "same-origin",
         "Pragma": "no-cache",
         "Cache-Control": "no-cache"
     },
-    "referrer": "http://example.com/browser/devtools/client/netmonitor/test/html_copy-as-curl.html",
+    "referrer": "https://example.com/browser/devtools/client/netmonitor/test/html_copy-as-curl.html",
     "method": "GET",
     "mode": "cors"
 });`);
 
   await teardown(monitor);
 
   async function performRequest(method, payload) {
     const waitRequest = waitForNetworkEvents(monitor, 1);
     await SpecialPowers.spawn(
       tab.linkedBrowser,
       [
         {
-          url: SIMPLE_SJS,
+          url: HTTPS_SIMPLE_SJS,
           method_: method,
           payload_: payload,
         },
       ],
       async function({ url, method_, payload_ }) {
         content.wrappedJSObject.performRequest(url, method_, payload_);
       }
     );
--- a/devtools/client/netmonitor/test/browser_net_copy_headers.js
+++ b/devtools/client/netmonitor/test/browser_net_copy_headers.js
@@ -3,16 +3,19 @@
 
 "use strict";
 
 /**
  * Tests if copying a request's request/response headers works.
  */
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  await pushPref("dom.security.https_first", false);
+
   const { monitor } = await initNetMonitor(SIMPLE_URL, {
     requestCount: 1,
   });
   info("Starting test... ");
 
   const { document, store, windowRequire } = monitor.panelWin;
   const { getSortedRequests, getSelectedRequest } = windowRequire(
     "devtools/client/netmonitor/src/selectors/index"
--- a/devtools/client/netmonitor/test/browser_net_copy_svg_image_as_data_uri.js
+++ b/devtools/client/netmonitor/test/browser_net_copy_svg_image_as_data_uri.js
@@ -2,20 +2,22 @@
    http://creativecommons.org/publicdomain/zero/1.0/ */
 
 "use strict";
 
 /**
  * Tests if copying an image as data uri works.
  */
 
-const SVG_URL = EXAMPLE_URL + "dropmarker.svg";
+const SVG_URL = HTTPS_EXAMPLE_URL + "dropmarker.svg";
 
 add_task(async function() {
-  const { tab, monitor } = await initNetMonitor(CURL_URL, { requestCount: 1 });
+  const { tab, monitor } = await initNetMonitor(HTTPS_CURL_URL, {
+    requestCount: 1,
+  });
   info("Starting test... ");
 
   const { document } = monitor.panelWin;
 
   const wait = waitForNetworkEvents(monitor, 1);
   await SpecialPowers.spawn(tab.linkedBrowser, [SVG_URL], async function(url) {
     content.wrappedJSObject.performRequest(url);
   });
--- a/devtools/client/netmonitor/test/browser_net_cors_requests.js
+++ b/devtools/client/netmonitor/test/browser_net_cors_requests.js
@@ -3,30 +3,32 @@
 
 "use strict";
 
 /**
  * Test that CORS preflight requests are displayed by network monitor
  */
 
 add_task(async function() {
-  const { tab, monitor } = await initNetMonitor(CORS_URL, { requestCount: 1 });
+  const { tab, monitor } = await initNetMonitor(HTTPS_CORS_URL, {
+    requestCount: 1,
+  });
 
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   const { getDisplayedRequests, getSortedRequests } = windowRequire(
     "devtools/client/netmonitor/src/selectors/index"
   );
 
   store.dispatch(Actions.batchEnable(false));
 
   const wait = waitForNetworkEvents(monitor, 2);
 
   info("Performing a CORS request");
-  const requestUrl = "http://test1.example.com" + CORS_SJS_PATH;
+  const requestUrl = "https://test1.example.com" + CORS_SJS_PATH;
   await SpecialPowers.spawn(tab.linkedBrowser, [requestUrl], async function(
     url
   ) {
     content.wrappedJSObject.performRequests(
       url,
       "triggering/preflight",
       "post-data"
     );
--- a/devtools/client/netmonitor/test/browser_net_curl-utils.js
+++ b/devtools/client/netmonitor/test/browser_net_curl-utils.js
@@ -5,36 +5,38 @@
 
 /**
  * Tests Curl Utils functionality.
  */
 
 const { Curl, CurlUtils } = require("devtools/client/shared/curl");
 
 add_task(async function() {
-  const { tab, monitor } = await initNetMonitor(CURL_UTILS_URL, {
+  const { tab, monitor } = await initNetMonitor(HTTPS_CURL_UTILS_URL, {
     requestCount: 1,
   });
   info("Starting test... ");
 
   const { store, windowRequire, connector } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   const { getSortedRequests } = windowRequire(
     "devtools/client/netmonitor/src/selectors/index"
   );
   const { getLongString, requestData } = connector;
 
   store.dispatch(Actions.batchEnable(false));
 
   const wait = waitForNetworkEvents(monitor, 6);
-  await SpecialPowers.spawn(tab.linkedBrowser, [SIMPLE_SJS], async function(
-    url
-  ) {
-    content.wrappedJSObject.performRequests(url);
-  });
+  await SpecialPowers.spawn(
+    tab.linkedBrowser,
+    [HTTPS_SIMPLE_SJS],
+    async function(url) {
+      content.wrappedJSObject.performRequests(url);
+    }
+  );
   await wait;
 
   const requests = {
     get: getSortedRequests(store.getState())[0],
     post: getSortedRequests(store.getState())[1],
     postJson: getSortedRequests(store.getState())[2],
     patch: getSortedRequests(store.getState())[3],
     multipart: getSortedRequests(store.getState())[4],
--- a/devtools/client/netmonitor/test/browser_net_cyrillic-01.js
+++ b/devtools/client/netmonitor/test/browser_net_cyrillic-01.js
@@ -3,16 +3,19 @@
 
 "use strict";
 
 /**
  * Tests if cyrillic text is rendered correctly in the source editor.
  */
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  await pushPref("dom.security.https_first", false);
+
   const { tab, monitor } = await initNetMonitor(CYRILLIC_URL, {
     requestCount: 1,
   });
   info("Starting test... ");
 
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   const { getDisplayedRequests, getSortedRequests } = windowRequire(
--- a/devtools/client/netmonitor/test/browser_net_cyrillic-02.js
+++ b/devtools/client/netmonitor/test/browser_net_cyrillic-02.js
@@ -4,16 +4,19 @@
 "use strict";
 
 /**
  * Tests if cyrillic text is rendered correctly in the source editor
  * when loaded directly from an HTML page.
  */
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  await pushPref("dom.security.https_first", false);
+
   const { monitor } = await initNetMonitor(CYRILLIC_URL, {
     requestCount: 1,
   });
   info("Starting test... ");
 
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   const { getDisplayedRequests, getSortedRequests } = windowRequire(
--- a/devtools/client/netmonitor/test/browser_net_details_copy.js
+++ b/devtools/client/netmonitor/test/browser_net_details_copy.js
@@ -1,16 +1,19 @@
 /* Any copyright is dedicated to the Public Domain.
    http://creativecommons.org/publicdomain/zero/1.0/ */
 
 "use strict";
 /**
  * Test that the URL Preview can be copied
  */
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  await pushPref("dom.security.https_first", false);
+
   const { monitor } = await initNetMonitor(SIMPLE_URL, {
     requestCount: 1,
   });
 
   info("Starting the url preview copy test... ");
 
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
--- a/devtools/client/netmonitor/test/browser_net_edit_resend_cancel.js
+++ b/devtools/client/netmonitor/test/browser_net_edit_resend_cancel.js
@@ -3,29 +3,31 @@
 
 "use strict";
 
 /**
  * Tests if original request's header panel is visible when custom request is cancelled.
  */
 
 add_task(async function() {
-  const { monitor } = await initNetMonitor(SIMPLE_URL, { requestCount: 1 });
+  const { monitor } = await initNetMonitor(HTTPS_SIMPLE_URL, {
+    requestCount: 1,
+  });
   info("Starting test... ");
 
   const { document, store, windowRequire } = monitor.panelWin;
   const { getSelectedRequest } = windowRequire(
     "devtools/client/netmonitor/src/selectors/index"
   );
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   store.dispatch(Actions.batchEnable(false));
 
   // Reload to have one request in the list
   const waitForEvents = waitForNetworkEvents(monitor, 1);
-  await navigateTo(SIMPLE_URL);
+  await navigateTo(HTTPS_SIMPLE_URL);
   await waitForEvents;
 
   // Context Menu > "Edit & Resend"
   const firstRequest = document.querySelectorAll(".request-list-item")[0];
   const waitForHeaders = waitUntil(() =>
     document.querySelector(".headers-overview")
   );
   EventUtils.sendMouseEvent({ type: "mousedown" }, firstRequest);
--- a/devtools/client/netmonitor/test/browser_net_edit_resend_caret.js
+++ b/devtools/client/netmonitor/test/browser_net_edit_resend_caret.js
@@ -5,26 +5,28 @@
 
 /**
  * Tests if position of caret does not change (resets to the end) after setting
  * header's value to empty string. Also make sure the "method" field stays empty
  * after removing it and resets to its original value when it looses focus.
  */
 
 add_task(async function() {
-  const { monitor } = await initNetMonitor(SIMPLE_URL, { requestCount: 1 });
+  const { monitor } = await initNetMonitor(HTTPS_SIMPLE_URL, {
+    requestCount: 1,
+  });
   info("Starting test... ");
 
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   store.dispatch(Actions.batchEnable(false));
 
   // Reload to have one request in the list.
   const waitForEvents = waitForNetworkEvents(monitor, 1);
-  await navigateTo(SIMPLE_URL);
+  await navigateTo(HTTPS_SIMPLE_URL);
   await waitForEvents;
 
   // Open context menu and execute "Edit & Resend".
   const firstRequest = document.querySelectorAll(".request-list-item")[0];
   const waitForHeaders = waitUntil(() =>
     document.querySelector(".headers-overview")
   );
   EventUtils.sendMouseEvent({ type: "mousedown" }, firstRequest);
--- a/devtools/client/netmonitor/test/browser_net_filter-01.js
+++ b/devtools/client/netmonitor/test/browser_net_filter-01.js
@@ -202,16 +202,21 @@ const EXPECTED_REQUESTS = [
       fuzzyUrl: true,
       status: 101,
       statusText: "Switching Protocols",
     },
   },
 ];
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  // In the meantime, we cannot expect correct status text from https requests
+  // to httpd.js.
+  await pushPref("dom.security.https_first", false);
+
   const { monitor } = await initNetMonitor(FILTERING_URL, { requestCount: 1 });
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   const {
     getDisplayedRequests,
     getSelectedRequest,
     getSortedRequests,
   } = windowRequire("devtools/client/netmonitor/src/selectors/index");
--- a/devtools/client/netmonitor/test/browser_net_filter-02.js
+++ b/devtools/client/netmonitor/test/browser_net_filter-02.js
@@ -127,16 +127,21 @@ const EXPECTED_REQUESTS = [
       fuzzyUrl: true,
       status: 101,
       statusText: "Switching Protocols",
     },
   },
 ];
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  // In the meantime, we cannot expect correct status text from https requests
+  // to httpd.js.
+  await pushPref("dom.security.https_first", false);
+
   const { monitor } = await initNetMonitor(FILTERING_URL, { requestCount: 1 });
   info("Starting test... ");
 
   // It seems that this test may be slow on Ubuntu builds running on ec2.
   requestLongerTimeout(2);
 
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
--- a/devtools/client/netmonitor/test/browser_net_filter-autocomplete.js
+++ b/devtools/client/netmonitor/test/browser_net_filter-autocomplete.js
@@ -33,16 +33,20 @@ function testAutocompleteContents(expect
       ).textContent,
       item,
       `${expected[i]} found`
     );
   });
 }
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  // We cannot assert status code 304 with HTTPS requests to httpd.js
+  await pushPref("dom.security.https_first", false);
+
   const { monitor } = await initNetMonitor(FILTERING_URL, { requestCount: 1 });
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
 
   store.dispatch(Actions.batchEnable(false));
 
   info("Starting test... ");
 
--- a/devtools/client/netmonitor/test/browser_net_filter-flags.js
+++ b/devtools/client/netmonitor/test/browser_net_filter-flags.js
@@ -137,16 +137,20 @@ const EXPECTED_REQUESTS = [
       displayedStatus: "304",
       type: "plain",
       fullMimeType: "text/plain; charset=utf-8",
     },
   },
 ];
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  // We cannot assert status code 304 with HTTPS requests to httpd.js
+  await pushPref("dom.security.https_first", false);
+
   const { monitor } = await initNetMonitor(FILTERING_URL, { requestCount: 1 });
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   const { getDisplayedRequests, getSortedRequests } = windowRequire(
     "devtools/client/netmonitor/src/selectors/index"
   );
 
   store.dispatch(Actions.batchEnable(false));
--- a/devtools/client/netmonitor/test/browser_net_filter-sts-search.js
+++ b/devtools/client/netmonitor/test/browser_net_filter-sts-search.js
@@ -8,16 +8,20 @@
  */
 const REQUESTS = [
   { url: "sjs_status-codes-test-server.sjs?sts=400" },
   { url: "sjs_status-codes-test-server.sjs?sts=300" },
   { url: "sjs_status-codes-test-server.sjs?sts=304" },
 ];
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  // We cannot assert status code 304 with HTTPS requests to httpd.js
+  await pushPref("dom.security.https_first", false);
+
   const { monitor } = await initNetMonitor(FILTERING_URL, { requestCount: 1 });
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
 
   const { getDisplayedRequests } = windowRequire(
     "devtools/client/netmonitor/src/selectors/index"
   );
 
--- a/devtools/client/netmonitor/test/browser_net_fission_switch_target.js
+++ b/devtools/client/netmonitor/test/browser_net_fission_switch_target.js
@@ -1,18 +1,18 @@
 /* Any copyright is dedicated to the Public Domain.
    http://creativecommons.org/publicdomain/zero/1.0/ */
 
 "use strict";
 
 // Test switching for the top-level target.
 
-const EXAMPLE_COM_URL = "http://example.com/document-builder.sjs?html=testcom";
-const EXAMPLE_NET_URL = "http://example.net/document-builder.sjs?html=testnet";
-const REQUEST_URL = SEARCH_SJS + "?value=test";
+const EXAMPLE_COM_URL = "https://example.com/document-builder.sjs?html=testcom";
+const EXAMPLE_NET_URL = "https://example.net/document-builder.sjs?html=testnet";
+const REQUEST_URL = HTTPS_SEARCH_SJS + "?value=test";
 const PARENT_PROCESS_URL = "about:blank";
 
 add_task(async function() {
   info("Open a page that runs on the content process and the netmonitor");
   const { monitor } = await initNetMonitor(EXAMPLE_COM_URL, {
     requestCount: 1,
   });
   await assertRequest(monitor, REQUEST_URL);
--- a/devtools/client/netmonitor/test/browser_net_headers_sorted.js
+++ b/devtools/client/netmonitor/test/browser_net_headers_sorted.js
@@ -7,17 +7,17 @@
  * Tests if Request-Headers and Response-Headers are sorted in Headers tab.
  * The test also verifies that headers with the same name and headers
  * with an empty value are also displayed.
  *
  * The test also checks that raw headers are displayed in the original
  * order and not sorted.
  */
 add_task(async function() {
-  const { monitor } = await initNetMonitor(SIMPLE_SJS, {
+  const { monitor } = await initNetMonitor(HTTPS_SIMPLE_SJS, {
     requestCount: 1,
   });
   info("Starting test... ");
 
   const { store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   store.dispatch(Actions.batchEnable(false));
 
@@ -66,16 +66,19 @@ async function verifyHeaders(monitor) {
     "Accept",
     "Accept-Encoding",
     "Accept-Language",
     "Cache-Control",
     "Connection",
     "Cookie",
     "Host",
     "Pragma",
+    "Sec-Fetch-Dest",
+    "Sec-Fetch-Mode",
+    "Sec-Fetch-Site",
     "Upgrade-Insecure-Requests",
     "User-Agent",
   ];
 
   const responseLabelCells = document.querySelectorAll(
     "#responseHeaders .treeLabelCell"
   );
   const requestLabelCells = document.querySelectorAll(
@@ -133,16 +136,19 @@ async function verifyRawHeaders(monitor)
     "Host",
     "User-Agent",
     "Accept",
     "Accept-Language",
     "Accept-Encoding",
     "Connection",
     "Cookie",
     "Upgrade-Insecure-Requests",
+    "Sec-Fetch-Dest",
+    "Sec-Fetch-Mode",
+    "Sec-Fetch-Site",
     "Pragma",
     "Cache-Control",
   ];
 
   // Click the 'Raw headers' toggle to show original headers source.
   for (const rawToggleInput of document.querySelectorAll(
     ".devtools-checkbox-toggle"
   )) {
--- a/devtools/client/netmonitor/test/browser_net_image_cache.js
+++ b/devtools/client/netmonitor/test/browser_net_image_cache.js
@@ -35,17 +35,17 @@ add_task(async function() {
   // avoid having `VALIDATE_ALWAYS` applied.
   BrowserTestUtils.loadURI(gBrowser.selectedBrowser, IMAGE_CACHE_URL);
   await waitForEvents;
 
   const requests = document.querySelectorAll(".request-list-item");
   is(requests.length, 4, "There should be 4 requests");
 
   const requestData = {
-    uri: EXAMPLE_URL + "test-image.png",
+    uri: HTTPS_EXAMPLE_URL + "test-image.png",
     details: {
       status: 200,
       statusText: "OK (cached)",
       displayedStatus: "cached",
       type: "png",
       fullMimeType: "image/png",
     },
   };
--- a/devtools/client/netmonitor/test/browser_net_initiator.js
+++ b/devtools/client/netmonitor/test/browser_net_initiator.js
@@ -5,64 +5,64 @@
 const {
   getUrlBaseName,
 } = require("devtools/client/netmonitor/src/utils/request-utils");
 /**
  * Tests if request initiator is reported correctly.
  */
 
 const INITIATOR_FILE_NAME = "html_cause-test-page.html";
-const INITIATOR_URL = EXAMPLE_URL + INITIATOR_FILE_NAME;
+const INITIATOR_URL = HTTPS_EXAMPLE_URL + INITIATOR_FILE_NAME;
 
 const EXPECTED_REQUESTS = [
   {
     method: "GET",
     url: INITIATOR_URL,
     causeType: "document",
     causeUri: null,
     stack: false,
   },
   {
     method: "GET",
-    url: EXAMPLE_URL + "stylesheet_request",
+    url: HTTPS_EXAMPLE_URL + "stylesheet_request",
     causeType: "stylesheet",
     causeUri: INITIATOR_URL,
     stack: false,
   },
   {
     method: "GET",
-    url: EXAMPLE_URL + "img_request",
+    url: HTTPS_EXAMPLE_URL + "img_request",
     causeType: "img",
     causeUri: INITIATOR_URL,
     stack: false,
   },
   {
     method: "GET",
-    url: EXAMPLE_URL + "img_srcset_request",
+    url: HTTPS_EXAMPLE_URL + "img_srcset_request",
     causeType: "imageset",
     causeUri: INITIATOR_URL,
     stack: false,
   },
   {
     method: "GET",
-    url: EXAMPLE_URL + "xhr_request",
+    url: HTTPS_EXAMPLE_URL + "xhr_request",
     causeType: "xhr",
     causeUri: INITIATOR_URL,
     stack: [{ fn: "performXhrRequestCallback", file: INITIATOR_URL, line: 32 }],
   },
   {
     method: "GET",
-    url: EXAMPLE_URL + "fetch_request",
+    url: HTTPS_EXAMPLE_URL + "fetch_request",
     causeType: "fetch",
     causeUri: INITIATOR_URL,
     stack: [{ fn: "performFetchRequest", file: INITIATOR_URL, line: 37 }],
   },
   {
     method: "GET",
-    url: EXAMPLE_URL + "promise_fetch_request",
+    url: HTTPS_EXAMPLE_URL + "promise_fetch_request",
     causeType: "fetch",
     causeUri: INITIATOR_URL,
     stack: [
       {
         fn: "performPromiseFetchRequestCallback",
         file: INITIATOR_URL,
         line: 43,
       },
@@ -71,17 +71,17 @@ const EXPECTED_REQUESTS = [
         file: INITIATOR_URL,
         line: 42,
         asyncCause: "promise callback",
       },
     ],
   },
   {
     method: "GET",
-    url: EXAMPLE_URL + "timeout_fetch_request",
+    url: HTTPS_EXAMPLE_URL + "timeout_fetch_request",
     causeType: "fetch",
     causeUri: INITIATOR_URL,
     stack: [
       {
         fn: "performTimeoutFetchRequestCallback2",
         file: INITIATOR_URL,
         line: 50,
       },
@@ -90,47 +90,47 @@ const EXPECTED_REQUESTS = [
         file: INITIATOR_URL,
         line: 49,
         asyncCause: "setTimeout handler",
       },
     ],
   },
   {
     method: "GET",
-    url: EXAMPLE_URL + "favicon_request",
+    url: HTTPS_EXAMPLE_URL + "favicon_request",
     causeType: "img",
     causeUri: INITIATOR_URL,
     // the favicon request is triggered in FaviconLoader.jsm module, it should
     // NOT be shown in the stack (bug 1280266).  For now we intentionally
     // specify the file and the line number to be properly sorted.
     // NOTE: The line number can be an arbitrary number greater than 0.
     stack: [
       {
         file: "resource:///modules/FaviconLoader.jsm",
         line: Number.MAX_SAFE_INTEGER,
       },
     ],
   },
   {
     method: "GET",
-    url: EXAMPLE_URL + "lazy_img_request",
+    url: HTTPS_EXAMPLE_URL + "lazy_img_request",
     causeType: "lazy-img",
     causeUri: INITIATOR_URL,
     stack: false,
   },
   {
     method: "GET",
-    url: EXAMPLE_URL + "lazy_img_srcset_request",
+    url: HTTPS_EXAMPLE_URL + "lazy_img_srcset_request",
     causeType: "lazy-imageset",
     causeUri: INITIATOR_URL,
     stack: false,
   },
   {
     method: "POST",
-    url: EXAMPLE_URL + "beacon_request",
+    url: HTTPS_EXAMPLE_URL + "beacon_request",
     causeType: "beacon",
     causeUri: INITIATOR_URL,
     stack: [{ fn: "performBeaconRequest", file: INITIATOR_URL, line: 82 }],
   },
 ];
 
 add_task(async function() {
   // the initNetMonitor function clears the network request list after the
--- a/devtools/client/netmonitor/test/browser_net_json-long.js
+++ b/devtools/client/netmonitor/test/browser_net_json-long.js
@@ -3,16 +3,21 @@
 
 "use strict";
 
 /**
  * Tests if very long JSON responses are handled correctly.
  */
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  // We cannot assert status text "OK" with HTTPS requests to httpd.js, instead
+  // we get "Connected"
+  await pushPref("dom.security.https_first", false);
+
   const { L10N } = require("devtools/client/netmonitor/src/utils/l10n");
 
   const { tab, monitor } = await initNetMonitor(JSON_LONG_URL, {
     requestCount: 1,
   });
   info("Starting test... ");
 
   // This is receiving over 80 KB of json and will populate over 6000 items
--- a/devtools/client/netmonitor/test/browser_net_json-malformed.js
+++ b/devtools/client/netmonitor/test/browser_net_json-malformed.js
@@ -3,16 +3,21 @@
 
 "use strict";
 
 /**
  * Tests if malformed JSON responses are handled correctly.
  */
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  // We cannot assert status text "OK" with HTTPS requests to httpd.js, instead
+  // we get "Connected"
+  await pushPref("dom.security.https_first", false);
+
   const { L10N } = require("devtools/client/netmonitor/src/utils/l10n");
   const { tab, monitor } = await initNetMonitor(JSON_MALFORMED_URL, {
     requestCount: 1,
   });
   info("Starting test... ");
 
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
--- a/devtools/client/netmonitor/test/browser_net_json_custom_mime.js
+++ b/devtools/client/netmonitor/test/browser_net_json_custom_mime.js
@@ -3,16 +3,21 @@
 
 "use strict";
 
 /**
  * Tests if JSON responses with unusal/custom MIME types are handled correctly.
  */
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  // We cannot assert status text "OK" with HTTPS requests to httpd.js, instead
+  // we get "Connected"
+  await pushPref("dom.security.https_first", false);
+
   const { tab, monitor } = await initNetMonitor(JSON_CUSTOM_MIME_URL, {
     requestCount: 1,
   });
   info("Starting test... ");
 
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   const { L10N } = windowRequire("devtools/client/netmonitor/src/utils/l10n");
--- a/devtools/client/netmonitor/test/browser_net_json_text_mime.js
+++ b/devtools/client/netmonitor/test/browser_net_json_text_mime.js
@@ -3,16 +3,21 @@
 
 "use strict";
 
 /**
  * Tests if JSON responses with unusal/custom MIME types are handled correctly.
  */
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  // We cannot assert status text "OK" with HTTPS requests to httpd.js, instead
+  // we get "Connected"
+  await pushPref("dom.security.https_first", false);
+
   const { L10N } = require("devtools/client/netmonitor/src/utils/l10n");
 
   const { tab, monitor } = await initNetMonitor(JSON_TEXT_MIME_URL, {
     requestCount: 1,
   });
   info("Starting test... ");
 
   const { document, store, windowRequire } = monitor.panelWin;
--- a/devtools/client/netmonitor/test/browser_net_jsonp.js
+++ b/devtools/client/netmonitor/test/browser_net_jsonp.js
@@ -3,16 +3,21 @@
 
 "use strict";
 
 /**
  * Tests if JSONP responses are handled correctly.
  */
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  // We cannot assert status text "OK" with HTTPS requests to httpd.js, instead
+  // we get "Connected"
+  await pushPref("dom.security.https_first", false);
+
   const { L10N } = require("devtools/client/netmonitor/src/utils/l10n");
 
   const { tab, monitor } = await initNetMonitor(JSONP_URL, { requestCount: 1 });
   info("Starting test... ");
 
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   const { getDisplayedRequests, getSortedRequests } = windowRequire(
--- a/devtools/client/netmonitor/test/browser_net_large-response.js
+++ b/devtools/client/netmonitor/test/browser_net_large-response.js
@@ -5,16 +5,21 @@
 
 /**
  * Tests if very large response contents are just displayed as plain text.
  */
 
 const HTML_LONG_URL = CONTENT_TYPE_SJS + "?fmt=html-long";
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  // We cannot assert status text "OK" with HTTPS requests to httpd.js, instead
+  // we get "Connected"
+  await pushPref("dom.security.https_first", false);
+
   const { tab, monitor } = await initNetMonitor(CUSTOM_GET_URL, {
     requestCount: 1,
   });
   info("Starting test... ");
 
   // This test could potentially be slow because over 100 KB of stuff
   // is going to be requested and displayed in the source editor.
   requestLongerTimeout(2);
--- a/devtools/client/netmonitor/test/browser_net_post-data-01.js
+++ b/devtools/client/netmonitor/test/browser_net_post-data-01.js
@@ -2,16 +2,21 @@
    http://creativecommons.org/publicdomain/zero/1.0/ */
 
 "use strict";
 
 /**
  * Tests if the POST requests display the correct information in the UI.
  */
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  // We cannot assert status text "Och Aye" with HTTPS requests to httpd.js, instead
+  // we get "Connected"
+  await pushPref("dom.security.https_first", false);
+
   const { L10N } = require("devtools/client/netmonitor/src/utils/l10n");
 
   // Set a higher panel height in order to get full CodeMirror content
   Services.prefs.setIntPref("devtools.toolbox.footer.height", 600);
 
   const { tab, monitor } = await initNetMonitor(POST_DATA_URL, {
     requestCount: 1,
   });
--- a/devtools/client/netmonitor/test/browser_net_req-resp-bodies.js
+++ b/devtools/client/netmonitor/test/browser_net_req-resp-bodies.js
@@ -3,16 +3,21 @@
 
 "use strict";
 
 /**
  * Test if request and response body logging stays on after opening the console.
  */
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  // We cannot assert status text "OK" with HTTPS requests to httpd.js, instead
+  // we get "Connected"
+  await pushPref("dom.security.https_first", false);
+
   const { L10N } = require("devtools/client/netmonitor/src/utils/l10n");
 
   const { tab, monitor } = await initNetMonitor(JSON_LONG_URL, {
     requestCount: 1,
   });
   info("Starting test... ");
 
   const { document, store, windowRequire } = monitor.panelWin;
--- a/devtools/client/netmonitor/test/browser_net_resend_cors.js
+++ b/devtools/client/netmonitor/test/browser_net_resend_cors.js
@@ -4,28 +4,30 @@
 "use strict";
 
 /**
  * Tests if resending a CORS request avoids the security checks and doesn't send
  * a preflight OPTIONS request (bug 1270096 and friends)
  */
 
 add_task(async function() {
-  const { tab, monitor } = await initNetMonitor(CORS_URL, { requestCount: 1 });
+  const { tab, monitor } = await initNetMonitor(HTTPS_CORS_URL, {
+    requestCount: 1,
+  });
   info("Starting test... ");
 
   const { store, windowRequire, connector } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   const { getRequestById, getSortedRequests } = windowRequire(
     "devtools/client/netmonitor/src/selectors/index"
   );
 
   store.dispatch(Actions.batchEnable(false));
 
-  const requestUrl = "http://test1.example.com" + CORS_SJS_PATH;
+  const requestUrl = "https://test1.example.com" + CORS_SJS_PATH;
 
   info("Waiting for OPTIONS, then POST");
   const wait = waitForNetworkEvents(monitor, 2);
   await SpecialPowers.spawn(tab.linkedBrowser, [requestUrl], async function(
     url
   ) {
     content.wrappedJSObject.performRequests(
       url,
--- a/devtools/client/netmonitor/test/browser_net_resend_headers.js
+++ b/devtools/client/netmonitor/test/browser_net_resend_headers.js
@@ -3,29 +3,31 @@
 
 "use strict";
 
 /**
  * Test if custom request headers are not ignored (bug 1270096 and friends)
  */
 
 add_task(async function() {
-  const { monitor } = await initNetMonitor(SIMPLE_SJS, { requestCount: 1 });
+  const { monitor } = await initNetMonitor(HTTPS_SIMPLE_SJS, {
+    requestCount: 1,
+  });
   info("Starting test... ");
 
   const { store, windowRequire, connector } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   const { requestData, sendHTTPRequest } = connector;
   const { getSortedRequests } = windowRequire(
     "devtools/client/netmonitor/src/selectors/index"
   );
 
   store.dispatch(Actions.batchEnable(false));
 
-  const requestUrl = SIMPLE_SJS;
+  const requestUrl = HTTPS_SIMPLE_SJS;
   const requestHeaders = [
     { name: "Host", value: "fakehost.example.com" },
     { name: "User-Agent", value: "Testzilla" },
     { name: "Referer", value: "http://example.com/referrer" },
     { name: "Accept", value: "application/jarda" },
     { name: "Accept-Encoding", value: "compress, identity, funcoding" },
     { name: "Accept-Language", value: "cs-CZ" },
   ];
--- a/devtools/client/netmonitor/test/browser_net_resend_hidden_headers.js
+++ b/devtools/client/netmonitor/test/browser_net_resend_hidden_headers.js
@@ -3,30 +3,32 @@
 
 "use strict";
 
 /**
  * Test that custom request headers are sent even without clicking on the original request (bug 1583397)
  */
 
 add_task(async function() {
-  const { monitor } = await initNetMonitor(SIMPLE_URL, { requestCount: 1 });
+  const { monitor } = await initNetMonitor(HTTPS_SIMPLE_URL, {
+    requestCount: 1,
+  });
   info("Starting test... ");
 
   const { store, windowRequire, connector } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   const { sendHTTPRequest } = connector;
 
   const { getSortedRequests } = windowRequire(
     "devtools/client/netmonitor/src/selectors/index"
   );
 
   store.dispatch(Actions.batchEnable(false));
 
-  const requestUrl = SIMPLE_SJS;
+  const requestUrl = HTTPS_SIMPLE_SJS;
   const requestHeaders = [
     { name: "Accept", value: "application/vnd.example+json" },
   ];
 
   const originalRequest = waitForNetworkEvents(monitor, 1);
   sendHTTPRequest({
     url: requestUrl,
     method: "GET",
--- a/devtools/client/netmonitor/test/browser_net_response_CORS_blocked.js
+++ b/devtools/client/netmonitor/test/browser_net_response_CORS_blocked.js
@@ -6,29 +6,29 @@
 /**
  * Test that requests blocked by CORS have a notification in the response panel
  * and that it is not present when requests are not blocked
  */
 
 add_task(async function testCORSNotificationPresent() {
   info("Test that CORS notification is present");
 
-  const { tab, monitor } = await initNetMonitor(CORS_URL, {
+  const { tab, monitor } = await initNetMonitor(HTTPS_CORS_URL, {
     requestCount: 1,
   });
 
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
 
   store.dispatch(Actions.batchEnable(false));
 
   const wait = waitForNetworkEvents(monitor, 1);
 
   info("making request to a origin that doesn't allow cross origin");
-  const requestUrl = EXAMPLE_ORG_URL + "sjs_simple-test-server.sjs";
+  const requestUrl = HTTPS_EXAMPLE_ORG_URL + "sjs_simple-test-server.sjs";
   await SpecialPowers.spawn(tab.linkedBrowser, [requestUrl], async function(
     url
   ) {
     content.wrappedJSObject.performRequests(
       url,
       "triggering/preflight",
       "post-data"
     );
@@ -74,17 +74,17 @@ add_task(async function testCORSNotifica
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
 
   store.dispatch(Actions.batchEnable(false));
 
   const wait = waitForNetworkEvents(monitor, 1);
 
   info("Making request to a origin that allows cross origin");
-  const requestUrl = "http://test1.example.com" + CORS_SJS_PATH;
+  const requestUrl = "https://test1.example.com" + CORS_SJS_PATH;
   await SpecialPowers.spawn(tab.linkedBrowser, [requestUrl], async function(
     url
   ) {
     content.wrappedJSObject.performRequests(
       url,
       "triggering/preflight",
       "post-data"
     );
--- a/devtools/client/netmonitor/test/browser_net_search-results.js
+++ b/devtools/client/netmonitor/test/browser_net_search-results.js
@@ -6,30 +6,33 @@
 /**
  * Test search match functionality.
  * Search panel is visible and clicking matches shows them in the request details.
  */
 
 add_task(async function() {
   await pushPref("devtools.netmonitor.features.search", true);
 
-  const { tab, monitor } = await initNetMonitor(CUSTOM_GET_URL, {
+  const { tab, monitor } = await initNetMonitor(HTTPS_CUSTOM_GET_URL, {
     requestCount: 1,
   });
   info("Starting test... ");
 
   const { document, store, windowRequire } = monitor.panelWin;
 
   // Action should be processed synchronously in tests.
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   store.dispatch(Actions.batchEnable(false));
 
   const SEARCH_STRING = "test";
   // Execute two XHRs and wait until they are finished.
-  const URLS = [SEARCH_SJS + "?value=test1", SEARCH_SJS + "?value=test2"];
+  const URLS = [
+    HTTPS_SEARCH_SJS + "?value=test1",
+    HTTPS_SEARCH_SJS + "?value=test2",
+  ];
 
   const wait = waitForNetworkEvents(monitor, 2);
   await SpecialPowers.spawn(tab.linkedBrowser, [URLS], makeRequests);
   await wait;
 
   // Open the Search panel
   store.dispatch(Actions.openSearch());
 
--- a/devtools/client/netmonitor/test/browser_net_security-redirect.js
+++ b/devtools/client/netmonitor/test/browser_net_security-redirect.js
@@ -4,16 +4,19 @@
 "use strict";
 
 /**
  * Test a http -> https redirect shows secure icon only for redirected https
  * request.
  */
 
 add_task(async function() {
+  // This test explicitly asserts http -> https redirects.
+  await pushPref("dom.security.https_first", false);
+
   const { tab, monitor } = await initNetMonitor(CUSTOM_GET_URL, {
     requestCount: 1,
   });
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
 
   store.dispatch(Actions.batchEnable(false));
 
--- a/devtools/client/netmonitor/test/browser_net_security-state.js
+++ b/devtools/client/netmonitor/test/browser_net_security-state.js
@@ -4,16 +4,19 @@
 "use strict";
 
 /**
  * Test that correct security state indicator appears depending on the security
  * state.
  */
 
 add_task(async function() {
+  // This test explicitly asserts some insecure domains.
+  await pushPref("dom.security.https_first", false);
+
   const EXPECTED_SECURITY_STATES = {
     "test1.example.com": "security-state-insecure",
     "example.com": "security-state-secure",
     "nocert.example.com": "security-state-broken",
     localhost: "security-state-secure",
   };
 
   const { tab, monitor } = await initNetMonitor(CUSTOM_GET_URL, {
--- a/devtools/client/netmonitor/test/browser_net_security-tab-deselect.js
+++ b/devtools/client/netmonitor/test/browser_net_security-tab-deselect.js
@@ -4,16 +4,20 @@
 "use strict";
 
 /**
  * Test that security details tab is no longer selected if an insecure request
  * is selected.
  */
 
 add_task(async function() {
+  // This test needs to trigger http and https requests.
+  // Disable https-first to avoid blocking the HTTP request due to mixed content.
+  await pushPref("dom.security.https_first", false);
+
   const { tab, monitor } = await initNetMonitor(CUSTOM_GET_URL, {
     requestCount: 1,
   });
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
 
   store.dispatch(Actions.batchEnable(false));
 
--- a/devtools/client/netmonitor/test/browser_net_security-tab-visibility.js
+++ b/devtools/client/netmonitor/test/browser_net_security-tab-visibility.js
@@ -3,16 +3,19 @@
 
 "use strict";
 
 /**
  * Test that security details tab is visible only when it should.
  */
 
 add_task(async function() {
+  // This test explicitly asserts some insecure domains.
+  await pushPref("dom.security.https_first", false);
+
   const TEST_DATA = [
     {
       desc: "http request",
       uri: "http://example.com" + CORS_SJS_PATH,
       visibleOnNewEvent: false,
       visibleOnSecurityInfo: false,
       visibleOnceComplete: false,
       securityState: "insecure",
--- a/devtools/client/netmonitor/test/browser_net_send-beacon.js
+++ b/devtools/client/netmonitor/test/browser_net_send-beacon.js
@@ -3,16 +3,19 @@
 
 "use strict";
 
 /**
  * Tests if beacons are handled correctly.
  */
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  await pushPref("dom.security.https_first", false);
+
   const { tab, monitor } = await initNetMonitor(SEND_BEACON_URL, {
     requestCount: 1,
   });
   const { store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   const { getSortedRequests } = windowRequire(
     "devtools/client/netmonitor/src/selectors/index"
   );
--- a/devtools/client/netmonitor/test/browser_net_simple-request-details.js
+++ b/devtools/client/netmonitor/test/browser_net_simple-request-details.js
@@ -3,16 +3,19 @@
 
 "use strict";
 
 /**
  * Tests if requests render correct information in the details UI.
  */
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  await pushPref("dom.security.https_first", false);
+
   const { L10N } = require("devtools/client/netmonitor/src/utils/l10n");
 
   const { monitor } = await initNetMonitor(SIMPLE_SJS, {
     requestCount: 1,
   });
   info("Starting test... ");
 
   const { document, store, windowRequire } = monitor.panelWin;
--- a/devtools/client/netmonitor/test/browser_net_sort-01.js
+++ b/devtools/client/netmonitor/test/browser_net_sort-01.js
@@ -3,16 +3,19 @@
 
 "use strict";
 
 /**
  * Test if sorting columns in the network table works correctly with new requests.
  */
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  await pushPref("dom.security.https_first", false);
+
   const { L10N } = require("devtools/client/netmonitor/src/utils/l10n");
 
   const { monitor } = await initNetMonitor(SORTING_URL, { requestCount: 1 });
   info("Starting test... ");
 
   // It seems that this test may be slow on debug builds. This could be because
   // of the heavy dom manipulation associated with sorting.
   requestLongerTimeout(2);
--- a/devtools/client/netmonitor/test/browser_net_sort-02.js
+++ b/devtools/client/netmonitor/test/browser_net_sort-02.js
@@ -3,16 +3,19 @@
 
 "use strict";
 
 /**
  * Test if sorting columns in the network table works correctly.
  */
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  await pushPref("dom.security.https_first", false);
+
   const { L10N } = require("devtools/client/netmonitor/src/utils/l10n");
 
   const { monitor } = await initNetMonitor(SORTING_URL, { requestCount: 1 });
   info("Starting test... ");
 
   // It seems that this test may be slow on debug builds. This could be because
   // of the heavy dom manipulation associated with sorting.
   requestLongerTimeout(2);
--- a/devtools/client/netmonitor/test/browser_net_sort-reset.js
+++ b/devtools/client/netmonitor/test/browser_net_sort-reset.js
@@ -3,16 +3,19 @@
 
 "use strict";
 
 /**
  * Test if sorting columns in the network table works correctly.
  */
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  await pushPref("dom.security.https_first", false);
+
   const { L10N } = require("devtools/client/netmonitor/src/utils/l10n");
 
   const { monitor } = await initNetMonitor(SORTING_URL, { requestCount: 1 });
   info("Starting test... ");
 
   // It seems that this test may be slow on debug builds. This could be because
   // of the heavy dom manipulation associated with sorting.
   requestLongerTimeout(2);
--- a/devtools/client/netmonitor/test/browser_net_stacktraces-visibility.js
+++ b/devtools/client/netmonitor/test/browser_net_stacktraces-visibility.js
@@ -4,16 +4,21 @@
 "use strict";
 
 /**
  * Tests that opening the stacktrace details panel in the netmonitor and console
  * show the expected stacktraces.
  */
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  // Behind the scenes this test relies on one of the requests creating a 404
+  // which is not possible when using HTTPS with httpd.js
+  await pushPref("dom.security.https_first", false);
+
   const URL = EXAMPLE_URL + "html_single-get-page.html";
   const REQUEST =
     "http://example.com/browser/devtools/client/netmonitor/test/request_0";
 
   const { monitor } = await initNetMonitor(URL, {
     requestCount: 1,
   });
 
--- a/devtools/client/netmonitor/test/browser_net_status-codes.js
+++ b/devtools/client/netmonitor/test/browser_net_status-codes.js
@@ -3,16 +3,20 @@
 
 "use strict";
 
 /**
  * Tests if requests display the correct status code and text in the UI.
  */
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  // We cannot assert status text with HTTPS requests to httpd.js, or 404...
+  await pushPref("dom.security.https_first", false);
+
   const { L10N } = require("devtools/client/netmonitor/src/utils/l10n");
 
   const { tab, monitor } = await initNetMonitor(STATUS_CODES_URL, {
     requestCount: 1,
   });
 
   info("Starting test... ");
 
--- a/devtools/client/netmonitor/test/browser_net_streaming-response.js
+++ b/devtools/client/netmonitor/test/browser_net_streaming-response.js
@@ -4,16 +4,21 @@
 "use strict";
 
 /**
  * Tests if reponses from streaming content types (MPEG-DASH, HLS) are
  * displayed as XML or plain text
  */
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  // We cannot assert status text "OK" with HTTPS requests to httpd.js, instead
+  // we get "Connected"
+  await pushPref("dom.security.https_first", false);
+
   const { tab, monitor } = await initNetMonitor(CUSTOM_GET_URL, {
     requestCount: 1,
   });
 
   info("Starting test... ");
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   const { getDisplayedRequests, getSortedRequests } = windowRequire(
--- a/devtools/client/netmonitor/test/browser_net_telemetry_edit_resend.js
+++ b/devtools/client/netmonitor/test/browser_net_telemetry_edit_resend.js
@@ -4,33 +4,35 @@
 "use strict";
 
 const ALL_CHANNELS = Ci.nsITelemetry.DATASET_ALL_CHANNELS;
 
 /**
  * Test the edit_resend telemetry event.
  */
 add_task(async function() {
-  const { monitor } = await initNetMonitor(SIMPLE_URL, { requestCount: 1 });
+  const { monitor } = await initNetMonitor(HTTPS_SIMPLE_URL, {
+    requestCount: 1,
+  });
   info("Starting test... ");
 
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   store.dispatch(Actions.batchEnable(false));
 
   // Remove all telemetry events (you can check about:telemetry).
   Services.telemetry.clearEvents();
 
   // Ensure no events have been logged
   const snapshot = Services.telemetry.snapshotEvents(ALL_CHANNELS, true);
   ok(!snapshot.parent, "No events have been logged for the main process");
 
   // Reload to have one request in the list.
   const waitForEvents = waitForNetworkEvents(monitor, 1);
-  await navigateTo(SIMPLE_URL);
+  await navigateTo(HTTPS_SIMPLE_URL);
   await waitForEvents;
 
   // Open context menu and execute "Edit & Resend".
   const firstRequest = document.querySelectorAll(".request-list-item")[0];
   const waitForHeaders = waitUntil(() =>
     document.querySelector(".headers-overview")
   );
   EventUtils.sendMouseEvent({ type: "mousedown" }, firstRequest);
--- a/devtools/client/netmonitor/test/browser_net_telemetry_filters_changed.js
+++ b/devtools/client/netmonitor/test/browser_net_telemetry_filters_changed.js
@@ -4,17 +4,19 @@
 "use strict";
 
 const ALL_CHANNELS = Ci.nsITelemetry.DATASET_ALL_CHANNELS;
 
 /**
  * Test the filters_changed telemetry event.
  */
 add_task(async function() {
-  const { monitor } = await initNetMonitor(SIMPLE_URL, { requestCount: 1 });
+  const { monitor } = await initNetMonitor(HTTPS_SIMPLE_URL, {
+    requestCount: 1,
+  });
   info("Starting test... ");
 
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   const { getDisplayedRequests } = windowRequire(
     "devtools/client/netmonitor/src/selectors/index"
   );
 
@@ -24,17 +26,17 @@ add_task(async function() {
   Services.telemetry.clearEvents();
 
   // Ensure no events have been logged
   const snapshot = Services.telemetry.snapshotEvents(ALL_CHANNELS, true);
   ok(!snapshot.parent, "No events have been logged for the main process");
 
   // Reload to have one request in the list.
   const wait = waitForNetworkEvents(monitor, 1);
-  await navigateTo(SIMPLE_URL);
+  await navigateTo(HTTPS_SIMPLE_URL);
   await wait;
 
   info("Click on the 'HTML' filter");
   EventUtils.sendMouseEvent(
     { type: "click" },
     document.querySelector(".requests-list-filter-html-button")
   );
 
--- a/devtools/client/netmonitor/test/browser_net_telemetry_sidepanel_changed.js
+++ b/devtools/client/netmonitor/test/browser_net_telemetry_sidepanel_changed.js
@@ -4,33 +4,35 @@
 "use strict";
 
 const ALL_CHANNELS = Ci.nsITelemetry.DATASET_ALL_CHANNELS;
 
 /**
  * Test the sidepanel_changed telemetry event.
  */
 add_task(async function() {
-  const { monitor } = await initNetMonitor(SIMPLE_URL, { requestCount: 1 });
+  const { monitor } = await initNetMonitor(HTTPS_SIMPLE_URL, {
+    requestCount: 1,
+  });
   info("Starting test... ");
 
   const { document, store, windowRequire } = monitor.panelWin;
   const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
   store.dispatch(Actions.batchEnable(false));
 
   // Remove all telemetry events (you can check about:telemetry).
   Services.telemetry.clearEvents();
 
   // Ensure no events have been logged
   const snapshot = Services.telemetry.snapshotEvents(ALL_CHANNELS, true);
   ok(!snapshot.parent, "No events have been logged for the main process");
 
   // Reload to have one request in the list.
   const waitForEvents = waitForNetworkEvents(monitor, 1);
-  await navigateTo(SIMPLE_URL);
+  await navigateTo(HTTPS_SIMPLE_URL);
   await waitForEvents;
 
   // Click on a request and wait till the default "Headers" side panel is opened.
   info("Click on a request");
   const waitForHeaders = waitUntil(() =>
     document.querySelector(".headers-overview")
   );
   EventUtils.sendMouseEvent(
--- a/devtools/client/netmonitor/test/browser_net_timeline_ticks.js
+++ b/devtools/client/netmonitor/test/browser_net_timeline_ticks.js
@@ -5,17 +5,17 @@
 
 /**
  * Tests if timeline correctly displays interval divisions.
  */
 
 add_task(async function() {
   const { L10N } = require("devtools/client/netmonitor/src/utils/l10n");
 
-  const { monitor } = await initNetMonitor(SIMPLE_URL, {
+  const { monitor } = await initNetMonitor(HTTPS_SIMPLE_URL, {
     requestCount: 1,
   });
   info("Starting test... ");
 
   const { $, $all, NetMonitorView, NetMonitorController } = monitor.panelWin;
   const { RequestsMenu } = NetMonitorView;
 
   // Disable transferred size column support for this test.
--- a/devtools/client/netmonitor/test/browser_net_tracking-resources.js
+++ b/devtools/client/netmonitor/test/browser_net_tracking-resources.js
@@ -3,17 +3,17 @@
 
 "use strict";
 
 const { UrlClassifierTestUtils } = ChromeUtils.import(
   "resource://testing-common/UrlClassifierTestUtils.jsm"
 );
 
 const TEST_URI =
-  "http://example.com/browser/devtools/client/" +
+  "https://example.com/browser/devtools/client/" +
   "netmonitor/test/html_tracking-protection.html";
 
 registerCleanupFunction(function() {
   UrlClassifierTestUtils.cleanupTestTrackers();
 });
 
 /**
  * Test that tracking resources are properly marked in the Network panel.
--- a/devtools/client/netmonitor/test/browser_net_truncate-post-data.js
+++ b/devtools/client/netmonitor/test/browser_net_truncate-post-data.js
@@ -3,16 +3,19 @@
 
 "use strict";
 
 /**
  * Bug 1542172 -
  * Verifies that requests with large post data are truncated and error is displayed.
  */
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  await pushPref("dom.security.https_first", false);
+
   const { monitor, tab } = await initNetMonitor(POST_JSON_URL, {
     requestCount: 1,
   });
 
   info("Starting test... ");
 
   const { L10N } = require("devtools/client/netmonitor/src/utils/l10n");
 
--- a/devtools/client/netmonitor/test/browser_net_use_as_fetch.js
+++ b/devtools/client/netmonitor/test/browser_net_use_as_fetch.js
@@ -3,16 +3,19 @@
 
 "use strict";
 
 /**
  * Tests if Use as Fetch works.
  */
 
 add_task(async function() {
+  // Using https-first for this test is blocked on Bug 1733420.
+  await pushPref("dom.security.https_first", false);
+
   const { tab, monitor, toolbox } = await initNetMonitor(CURL_URL, {
     requestCount: 1,
   });
   info("Starting test... ");
 
   // GET request, no cookies (first request)
   await performRequest("GET");
   await testConsoleInput(`await fetch("http://example.com/browser/devtools/client/netmonitor/test/sjs_simple-test-server.sjs", {
--- a/devtools/client/netmonitor/test/browser_net_websocket_stacks.js
+++ b/devtools/client/netmonitor/test/browser_net_websocket_stacks.js
@@ -2,17 +2,17 @@
    http://creativecommons.org/publicdomain/zero/1.0/ */
 
 "use strict";
 
 // Test that we get stack traces for the network requests made when creating
 // web sockets on the main or worker threads.
 
 const TOP_FILE_NAME = "html_websocket-test-page.html";
-const TOP_URL = EXAMPLE_URL + TOP_FILE_NAME;
+const TOP_URL = HTTPS_EXAMPLE_URL + TOP_FILE_NAME;
 const WORKER_FILE_NAME = "js_websocket-worker-test.js";
 
 const EXPECTED_REQUESTS = {
   [TOP_URL]: {
     method: "GET",
     url: TOP_URL,
     causeType: "document",
     causeUri: null,
@@ -23,30 +23,34 @@ const EXPECTED_REQUESTS = {
     url: "ws://localhost:8080/",
     causeType: "websocket",
     causeUri: TOP_URL,
     stack: [
       { fn: "openSocket", file: TOP_URL, line: 6 },
       { file: TOP_FILE_NAME, line: 3 },
     ],
   },
-  [EXAMPLE_URL + WORKER_FILE_NAME]: {
+  [HTTPS_EXAMPLE_URL + WORKER_FILE_NAME]: {
     method: "GET",
-    url: EXAMPLE_URL + WORKER_FILE_NAME,
+    url: HTTPS_EXAMPLE_URL + WORKER_FILE_NAME,
     causeType: "script",
     causeUri: TOP_URL,
     stack: [{ file: TOP_URL, line: 9 }],
   },
   "wss://localhost:8081/": {
     method: "GET",
     url: "wss://localhost:8081/",
     causeType: "websocket",
     causeUri: TOP_URL,
     stack: [
-      { fn: "openWorkerSocket", file: EXAMPLE_URL + WORKER_FILE_NAME, line: 5 },
+      {
+        fn: "openWorkerSocket",
+        file: HTTPS_EXAMPLE_URL + WORKER_FILE_NAME,
+        line: 5,
+      },
       { file: WORKER_FILE_NAME, line: 2 },
     ],
   },
 };
 
 add_task(async function() {
   // Load a different URL first to instantiate the network monitor before we
   // load the page we're really interested in.
--- a/devtools/client/netmonitor/test/browser_net_worker_stacks.js
+++ b/devtools/client/netmonitor/test/browser_net_worker_stacks.js
@@ -2,19 +2,19 @@
    http://creativecommons.org/publicdomain/zero/1.0/ */
 
 "use strict";
 
 // Test that we get stack traces for the network requests made when starting or
 // running worker threads.
 
 const TOP_FILE_NAME = "html_worker-test-page.html";
-const TOP_URL = EXAMPLE_URL + TOP_FILE_NAME;
+const TOP_URL = HTTPS_EXAMPLE_URL + TOP_FILE_NAME;
 const WORKER_FILE_NAME = "js_worker-test.js";
-const WORKER_URL = EXAMPLE_URL + WORKER_FILE_NAME;
+const WORKER_URL = HTTPS_EXAMPLE_URL + WORKER_FILE_NAME;
 
 const EXPECTED_REQUESTS = [
   {
     method: "GET",
     url: TOP_URL,
     causeType: "document",
     causeUri: null,
     stack: false,
@@ -27,57 +27,57 @@ const EXPECTED_REQUESTS = [
     stack: [
       { fn: "startWorkerInner", file: TOP_URL, line: 11 },
       { fn: "startWorker", file: TOP_URL, line: 8 },
       { file: TOP_URL, line: 4 },
     ],
   },
   {
     method: "GET",
-    url: EXAMPLE_URL + "missing1.js",
+    url: HTTPS_EXAMPLE_URL + "missing1.js",
     causeType: "script",
     causeUri: TOP_URL,
     stack: [
       { fn: "importScriptsFromWorker", file: WORKER_URL, line: 14 },
       { file: WORKER_URL, line: 10 },
     ],
   },
   {
     method: "GET",
-    url: EXAMPLE_URL + "missing2.js",
+    url: HTTPS_EXAMPLE_URL + "missing2.js",
     causeType: "script",
     causeUri: TOP_URL,
     stack: [
       { fn: "importScriptsFromWorker", file: WORKER_URL, line: 14 },
       { file: WORKER_URL, line: 10 },
     ],
   },
   {
     method: "GET",
-    url: EXAMPLE_URL + "js_worker-test2.js",
+    url: HTTPS_EXAMPLE_URL + "js_worker-test2.js",
     causeType: "script",
     causeUri: TOP_URL,
     stack: [
       { fn: "startWorkerFromWorker", file: WORKER_URL, line: 7 },
       { file: WORKER_URL, line: 3 },
     ],
   },
   {
     method: "GET",
-    url: EXAMPLE_URL + "missing.json",
+    url: HTTPS_EXAMPLE_URL + "missing.json",
     causeType: "xhr",
     causeUri: TOP_URL,
     stack: [
       { fn: "createJSONRequest", file: WORKER_URL, line: 22 },
       { file: WORKER_URL, line: 18 },
     ],
   },
   {
     method: "GET",
-    url: EXAMPLE_URL + "missing.txt",
+    url: HTTPS_EXAMPLE_URL + "missing.txt",
     causeType: "fetch",
     causeUri: TOP_URL,
     stack: [
       { fn: "fetchThing", file: WORKER_URL, line: 29 },
       { file: WORKER_URL, line: 26 },
     ],
   },
 ];
--- a/devtools/client/netmonitor/test/head.js
+++ b/devtools/client/netmonitor/test/head.js
@@ -76,16 +76,18 @@ const API_CALLS_URL = HTTPS_EXAMPLE_URL 
 const SIMPLE_URL = EXAMPLE_URL + "html_simple-test-page.html";
 const HTTPS_SIMPLE_URL = HTTPS_EXAMPLE_URL + "html_simple-test-page.html";
 const NAVIGATE_URL = EXAMPLE_URL + "html_navigate-test-page.html";
 const CONTENT_TYPE_WITHOUT_CACHE_URL =
   EXAMPLE_URL + "html_content-type-without-cache-test-page.html";
 const CONTENT_TYPE_WITHOUT_CACHE_REQUESTS = 8;
 const CYRILLIC_URL = EXAMPLE_URL + "html_cyrillic-test-page.html";
 const STATUS_CODES_URL = EXAMPLE_URL + "html_status-codes-test-page.html";
+const HTTPS_STATUS_CODES_URL =
+  HTTPS_EXAMPLE_URL + "html_status-codes-test-page.html";
 const POST_DATA_URL = EXAMPLE_URL + "html_post-data-test-page.html";
 const POST_ARRAY_DATA_URL = EXAMPLE_URL + "html_post-array-data-test-page.html";
 const POST_JSON_URL = EXAMPLE_URL + "html_post-json-test-page.html";
 const POST_RAW_URL = EXAMPLE_URL + "html_post-raw-test-page.html";
 const POST_RAW_URL_WITH_HASH = EXAMPLE_URL + "html_header-test-page.html";
 const POST_RAW_WITH_HEADERS_URL =
   EXAMPLE_URL + "html_post-raw-with-headers-test-page.html";
 const PARAMS_URL = EXAMPLE_URL + "html_params-test-page.html";
@@ -96,34 +98,38 @@ const JSON_CUSTOM_MIME_URL =
   EXAMPLE_URL + "html_json-custom-mime-test-page.html";
 const JSON_TEXT_MIME_URL = EXAMPLE_URL + "html_json-text-mime-test-page.html";
 const JSON_B64_URL = EXAMPLE_URL + "html_json-b64.html";
 const JSON_BASIC_URL = EXAMPLE_URL + "html_json-basic.html";
 const JSON_EMPTY_URL = EXAMPLE_URL + "html_json-empty.html";
 const FONTS_URL = EXAMPLE_URL + "html_fonts-test-page.html";
 const SORTING_URL = EXAMPLE_URL + "html_sorting-test-page.html";
 const FILTERING_URL = EXAMPLE_URL + "html_filter-test-page.html";
+const HTTPS_FILTERING_URL = HTTPS_EXAMPLE_URL + "html_filter-test-page.html";
 const INFINITE_GET_URL = EXAMPLE_URL + "html_infinite-get-page.html";
 const CUSTOM_GET_URL = EXAMPLE_URL + "html_custom-get-page.html";
 const HTTPS_CUSTOM_GET_URL = HTTPS_EXAMPLE_URL + "html_custom-get-page.html";
 const SINGLE_GET_URL = EXAMPLE_URL + "html_single-get-page.html";
 const HTTPS_SINGLE_GET_URL = HTTPS_EXAMPLE_URL + "html_single-get-page.html";
 const STATISTICS_URL = EXAMPLE_URL + "html_statistics-test-page.html";
 const CURL_URL = EXAMPLE_URL + "html_copy-as-curl.html";
-const CURL_UTILS_URL = EXAMPLE_URL + "html_curl-utils.html";
+const HTTPS_CURL_URL = HTTPS_EXAMPLE_URL + "html_copy-as-curl.html";
+const HTTPS_CURL_UTILS_URL = HTTPS_EXAMPLE_URL + "html_curl-utils.html";
 const SEND_BEACON_URL = EXAMPLE_URL + "html_send-beacon.html";
 const CORS_URL = EXAMPLE_URL + "html_cors-test-page.html";
+const HTTPS_CORS_URL = HTTPS_EXAMPLE_URL + "html_cors-test-page.html";
 const PAUSE_URL = EXAMPLE_URL + "html_pause-test-page.html";
 const OPEN_REQUEST_IN_TAB_URL = EXAMPLE_URL + "html_open-request-in-tab.html";
 const CSP_URL = EXAMPLE_URL + "html_csp-test-page.html";
 const CSP_RESEND_URL = EXAMPLE_URL + "html_csp-resend-test-page.html";
-const IMAGE_CACHE_URL = EXAMPLE_URL + "html_image-cache.html";
+const IMAGE_CACHE_URL = HTTPS_EXAMPLE_URL + "html_image-cache.html";
 const SLOW_REQUESTS_URL = EXAMPLE_URL + "html_slow-requests-test-page.html";
 
 const SIMPLE_SJS = EXAMPLE_URL + "sjs_simple-test-server.sjs";
+const HTTPS_SIMPLE_SJS = HTTPS_EXAMPLE_URL + "sjs_simple-test-server.sjs";
 const SIMPLE_UNSORTED_COOKIES_SJS =
   EXAMPLE_URL + "sjs_simple-unsorted-cookies-test-server.sjs";
 const CONTENT_TYPE_SJS = EXAMPLE_URL + "sjs_content-type-test-server.sjs";
 const WS_CONTENT_TYPE_SJS = WS_HTTP_URL + "sjs_content-type-test-server.sjs";
 const WS_WS_CONTENT_TYPE_SJS = WS_URL + "sjs_content-type-test-server.sjs";
 const HTTPS_CONTENT_TYPE_SJS =
   HTTPS_EXAMPLE_URL + "sjs_content-type-test-server.sjs";
 const SERVER_TIMINGS_TYPE_SJS =
@@ -131,16 +137,17 @@ const SERVER_TIMINGS_TYPE_SJS =
 const STATUS_CODES_SJS = EXAMPLE_URL + "sjs_status-codes-test-server.sjs";
 const SORTING_SJS = EXAMPLE_URL + "sjs_sorting-test-server.sjs";
 const HTTPS_REDIRECT_SJS = EXAMPLE_URL + "sjs_https-redirect-test-server.sjs";
 const CORS_SJS_PATH =
   "/browser/devtools/client/netmonitor/test/sjs_cors-test-server.sjs";
 const HSTS_SJS = EXAMPLE_URL + "sjs_hsts-test-server.sjs";
 const METHOD_SJS = EXAMPLE_URL + "sjs_method-test-server.sjs";
 const SLOW_SJS = EXAMPLE_URL + "sjs_slow-test-server.sjs";
+const HTTPS_SLOW_SJS = HTTPS_EXAMPLE_URL + "sjs_slow-test-server.sjs";
 const SET_COOKIE_SAME_SITE_SJS = EXAMPLE_URL + "sjs_set-cookie-same-site.sjs";
 const SEARCH_SJS = EXAMPLE_URL + "sjs_search-test-server.sjs";
 const HTTPS_SEARCH_SJS = HTTPS_EXAMPLE_URL + "sjs_search-test-server.sjs";
 
 const HSTS_BASE_URL = EXAMPLE_URL;
 const HSTS_PAGE_URL = CUSTOM_GET_URL;
 
 const TEST_IMAGE = EXAMPLE_URL + "test-image.png";
--- a/devtools/client/netmonitor/test/html_tracking-protection.html
+++ b/devtools/client/netmonitor/test/html_tracking-protection.html
@@ -8,14 +8,14 @@
   </head>
   <body>
     <script type="text/javascript">
       /* exported performRequests */
       "use strict";
 
       function performRequests() {
         const xhr = new XMLHttpRequest();
-        xhr.open("GET", "http://tracking.example.org/", true);
+        xhr.open("GET", "https://tracking.example.org/", true);
         xhr.send(null);
       }
     </script>
   </body>
 </html>