[WordPress] Plugin to prevent speed-costly redirects from HTTP to HTTPS for emoji URLs. Requires WordPress 4.2 up to 4.4.1. Emoji URLs have been fixed in WordPress core as of 4.4.2: https://core.trac.wordpress.org/ticket/35376

emoji-rocket.php

<?php
/**
 * Plugin Name: Emoji Rocket 🚀
 * Description: Prevents speed-costly redirects from HTTP to HTTPS for emoji URLs. Requires WordPress 4.2 up to 4.4.1.
 * Version:     0.5
 * Author:      Caspar Hübinger
 * Author URI:  https://profiles.wordpress.org/glueckpress
 * Plugin URI:  https://gist.github.com/glueckpress/f949119dbd968917f803
 * License:     GNU General Public License v3 or later
 * License URI: http://www.gnu.org/licenses/gpl-3.0.html
 */

defined( 'ABSPATH' ) or die( 'You know better.' );

/**
 * The emoji CDN on s.w.org was added in WordPress 4.2. 
 * URLs were fixed in 4.4.2, so let’s bail early in case we’re below 4.2, or greater than 4.4.1.
 *
 * @link https://core.trac.wordpress.org/ticket/31651
 * @link https://core.trac.wordpress.org/ticket/35376
 */
if ( version_compare( $GLOBALS['wp_version'], '4.2' ) < 0 || version_compare( $GLOBALS['wp_version'], '4.4.1' ) > 0 )
	return;

/**
 * Load plugin.
 *
 * @return void
 */
function emoji_rocket() {

	/**
	 * We only need to proceed if this site is not SSL, because set_url_scheme()
	 * will only apply https to emoji requests if our local site is SSL, too.
	 *
	 * @link http://glck.be/7298/
	 */
	if ( is_ssl() )
		return;

	// SSL up and running on s.w.org?
	$maybe_remote_ssl = get_transient( 'emoji_rocket__remote_ssl_check' );

	/* s.w.org should have SSL enabled.
	 * However, in case SSL is down for whatever reason, let’s just stop here.
	 */
	if ( 'nope' === $maybe_remote_ssl )
	 	return;

	/* By now we can be sure, our default emoji URL does in fact has SSL,
	 * so let’s filter all emoji URLs to call them with HTTPS directly.
	 */
	add_filter( 'emoji_url', 'emoji_rocket__force_https' );
}
add_action( 'plugins_loaded', 'emoji_rocket' );

/**
 * Forces HTTPS for emojis URLs requested from their default location on w.org.
 *
 * @param  string $url Default emoji URL
 * @return string      Emoji URL with forced HTTPS
 */
function emoji_rocket__force_https( $url ) {

	/* Checking once more in case URL has been filtered already and is not the
	 * default one anymore.
	 */
	if ( 0 !== stripos( $url, 'http://s.w.org/images/core/emoji/72x72/' ) )
		return $url;

	$url = set_url_scheme( $url, 'https' );

	return $url;
}

/**
 * Occasional check whether s.w.org’s SSL certificate is still up.
 *
 * Props @BoiteAWeb for pointing out this should be done on shutdown rather than
 * early on plugins_loaded. Also thanks for hints to wp_remote_ utilities!
 *
 * @return void
 */
function emoji_rocket__maybe_remote_ssl() {

	/* We’ll intentionally request our sample via HTTP, because if https is
	 * available, we will be redirected to HTTPS and will be able to know so by
	 * checking the head’s location.
	 * However, let’s do this only once per hour in order to not unnessecarily
	 * flood w.org with request.
	 */
	$response = wp_remote_head( 'http://s.w.org/images/core/emoji/72x72/1f44b.png' );

	// Location, if set, will present our factual remote HTTPS URL.
	$url = wp_remote_retrieve_header( $response, 'location' );

	$maybe_remote_ssl = set_transient(
		'emoji_rocket__remote_ssl_check',
		( 0 === stripos( $url, 'https://' ) ) ? 'yes' : 'nope',
		HOUR_IN_SECONDS
	);
}
add_action( 'shutdown', 'emoji_rocket__maybe_remote_ssl' );