.app domain names are pre-loaded with HTTP Strict Transport Security (HSTS), which means that the domain will always default to the HTTPS:// protocol, rather than HTTP://.
This means that any .app domain name must use an Secure Sockets Layer (SSL) certificate, otherwise a warning will display.
You can purchase an SSL certificate from your Customer Control Panel.