Not sure what app you’re talking about. But in general port 443 is used for HTTPS / SSL communication. Unless explicitly required: only outbound TCP is required to be established per app. Comodo doesn’t care, it has a stateful packet filter, i.e., by app, by protocol, by port (it’s either allowed explicitly or implicitly denied).
My browser, IE8, has the following rules:
Allow TCP out from in [local_0] to in [local_127] where source port is any destination port is in [843]
Allow TCP out from in [local_0] to in [local_127] where source port is any destination port is in [80 / 443]
Allow TCP out from in [local_0] to in [local_127] where source port is any destination port is in [5152]
Allow TCP out from in [NIC] to MAC any where source port is any destination port is in [HTTP ports]
Allow TCP out from in [NIC] to MAC any where source port is any destination port is in [Adobe RTMP]
Allow TCP out from in [NIC] to in [webcs.yahoo] where source port is any destination port is in [5050 / 843]
where local_0 and local_127 are local loopback, i.e., 0.0.0.0 and 127.0.0.1
HTTP ports = 80, 81, 443 & 8080
Adobe RTMP = 843, 1935
webcs.yahoo = Yahoo web-mail servers
These are the ‘mining truck’ rules that handle 99.9% of IE internet connection attempts. Alerts that invariably appear for IE will be because outbound TCP communication is attempted on some port other than those specified above. Ports other than specified are for special content delivered by web-sites and are approved ad hoc (but never remembered). Special content can be animation, music, Flash, Silverlight, et al. Unless a URL is frequently visited requiring access to a particular port, why create a rule for it?
Most TCP will be on port 80, but when login or other secure info is transmitted, a connection will be made on port 443. Sometimes URLs are used exclusively for port 80, sometimes for port 443 (and sometimes the same URL will do both). I implement network zones heavily.
My naming convention is:
host name, e.g. webcs.yahoo
app name
port (if other than 80)
If I see a URL in a port 443 network zone already in a port 80 network zone for the same app, I merge the two URLs into a shared network zone for that app (specified with suffix 80/443). Then I create a rule using that shared zone and specify destination port 80 / 443. So that app will have one rule for port 80 only, one rule for 80 / 443 and one rule for 443 only (per network zone).
I use Whois to get the host name of the domain a URL resides in.
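Added example, not part of the original post and not Comodo's own rule engine: a small Python model of the zone naming and 80 / 443 merge described above, with an allow-or-alert matcher to show that an address seen only on port 80 still is not allowed on 443 after the merge. The host name `example-mail`, the app label `ie8` and all addresses (RFC 5737 documentation ranges) are constructed assumptions.

```python
# Added example: models the post's zone naming/merging and implicit-deny matching.
# Addresses are constructed (RFC 5737 documentation ranges); "example-mail" is a
# hypothetical host name standing in for one found via Whois.

def zone_name(host, app, ports):
    """Post's convention: host name, app name, port (omitted when it is just 80)."""
    suffix = "/".join(str(p) for p in sorted(ports))
    return f"{host} {app}" if ports == {80} else f"{host} {app} {suffix}"

def merge_zones(host, app, zone80, zone443):
    """Move addresses seen in both the port-80 and port-443 zones into a shared zone."""
    shared = zone80 & zone443
    split = [({80}, zone80 - shared), ({80, 443}, shared), ({443}, zone443 - shared)]
    # Empty zones are dropped, so an app ends up with at most three zones per host.
    return {zone_name(host, app, ports): (addrs, ports) for ports, addrs in split if addrs}

def build_rules(app, zones):
    """One 'Allow TCP out' rule per zone, limited to that zone's destination ports."""
    return [{"app": app, "zone": name, "addrs": addrs, "ports": ports}
            for name, (addrs, ports) in zones.items()]

def decide(rules, app, proto, direction, dst, dport):
    """First matching allow rule wins; anything else is implicitly denied (alert)."""
    if proto == "TCP" and direction == "out":
        for r in rules:
            if r["app"] == app and dst in r["addrs"] and dport in r["ports"]:
                return "allow:" + r["zone"]
    return "alert"

ZONE_80 = {"192.0.2.10", "192.0.2.11", "192.0.2.12"}    # constructed
ZONE_443 = {"192.0.2.11", "192.0.2.12", "192.0.2.20"}   # constructed
ZONES = merge_zones("example-mail", "ie8", ZONE_80, ZONE_443)
RULES = build_rules("ie8", ZONES)

if __name__ == "__main__":
    for name, (addrs, ports) in ZONES.items():
        print(name, sorted(addrs), sorted(ports))
    for dst, dport in [("192.0.2.11", 443), ("192.0.2.10", 443), ("192.0.2.20", 8443)]:
        print(dst, dport, decide(RULES, "ie8", "TCP", "out", dst, dport))
```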