Akamai ruleset breaks steamcommunity.com in plaintext HTTP
I get a CSP error when loading steamcommunity urls over HTTP. HTTPS Everywhere has Steam and Steam Community rulesets disabled by default, but Akamai is enabled. Steam's servers send CSP headers for http://akamai when accessed over HTTP, and https://akamai when accessed over HTTPS.
URL tested
http://steamcommunity.com/market
Error message
Content Security Policy: The page's settings blocked the loading of a resource at https://steamcommunity-a.akamaihd.net/public/javascript/modalContent.js?v=XZKI05CNhf-y&l=english ("script-src http://steamcommunity.com 'unsafe-inline' 'unsafe-eval' http://steamcommunity-a.akamaihd.net https://api.steampowered.com http://www.google-analytics.com https://ssl.google-analytics.com").
Workaround
Page works if I enable Steam and Steam Community rulesets.
I am unable to include CSP headers in the ticket description because Trac flags the ticket as spam. If possible, I will include headers in comments.