If I've understood you correctly, if I were to block HTTP then I would have to permit each individual website I wanted to visit.

I'm probably about to demonstrate the limit of my technical knowledge here, but isn't it possible to just block the unauthorised incoming requests?

It's not practical to individually permit each website, so allowing HTTP while browsing would appear to be the only option. This then leaves a hole in my security.

What is the difference between HTTP and non-HTTP requests and the threats they pose.

Regards.