I don't know anybody who types https or http before typing a URL. Some older people I know type www, but even that has decreased in the last 10 or so years.

The worst thing is some websites do understand what HTTPS is but still refused to deploy it, and to handle users who consciously type https://, they deployed a valid HTTPS certificate on the webserver and issues 301s to redirect them back to http://. slashdot.org used to do this, bbc.co.uk still does it, what a shame. I know it's often a stop-gap measure to prepare for the upcoming universal deployment, but it seemed most websites that use this hack don't have any plan to secure their sites.