This matters for user security. I didn't touch blog posts & pages related to past conferences. The `content/docs` could be HTTPS-ified as well but it contains lots of HTTP links so maybe that'd be best done in a separate PR.