I've been maintaining some documentation websites for a few years, all using https, and all of them being read-only.
What are the factual pros of using https in that context, i.e. when no sensitive information is ever sent from the client to the server?
My question is fundamentally tied to the fact that every single article or opinion that I read on the subject asserts that https MUST always be used. I'd like to understand why everybody seems to agree on this.
Just to be clear: I'm not asking for opinions. I'm asking for facts, that can be backed up by articles and studies. I'm asking what https bring to websites that don't transmit sensitive data to the server.
https on a website aims to ensure:
confidentiality, preventing third parties (e.g. a rogue wifi hotspot in the coffee-shop down the corner) to know what your audience is reading. If your documents are public and do not contain trade secrets, you may not care. But maybe some of your readers want to protect their confidentiality, and in some cases even for legitimate purpose.
integrity, preventing third parties to tamper the content you are distributing. Without https, a hacker could insert in your legitimate content malicious elements (e,g. adding an img crafted to cause a buffer overflow). Your users may trust your content and get harmful content that you are not aware off. So https prevents exposing your audience to such unnecessary risks (example; quantum insert attack on the web, or on mobile networks)
In the area of software documentation, the integrity is even more important, as software developers are targets of supply chain attacks.