A few thoughts, not in any particular order.
One minor little addendum to HTTPS - the main MitM player being knocked aside are ISPs who have been stripping/inserting ads. This, of course, explains a good bit of Google's/Chrome's efforts to cast all HTTP sites as 'insecure' even when there is nothing particularly important in the connection/stream to secure.
The next major shift is likely to be some version of Elon Musk's 4-thousand-plus low orbit satellite network, if not him, then perhaps Boeing-OneWeb, China, or India. Such a system could severely impact both hard wired and cellular networks.
While they overlap, the Web and the wider Internet are not synonymous. The WWW itself is currently splintered into public, deep, and dark. Plus barriers such as China's 'Great Firewall' mean that networks will likely proliferate with both legal and extralegal connections shifting over time. Various prohibitions will increase the power and value of hackers/crackers and programmers generally. And the penalties for associated misdemeanours.
The techtonic collisions of economic/political/social jurisdictions and corporations will increase in number and severity in battles of C3I (command, control, communication, intelligence) dominance.
SME on the web have increasingly been suffering the WalMart Effect as enterprise sites move into general search results and dominate third party ad spend (for over a decade now). This means that adjustments in offerings, in marketing, and in audience locating are increasingly necessary.
Some intersection of HUD and 3-D portable hologram is likely in the next decade either eliminating or exasperating current multiple device screen display angst. Regardless, in the more near future Progressive Web Apps (now that Apple is onboard with Service Workers in WebKit development
[webmasterworld.com]) will change - once again - how sites design for and interact with their visitors.
The ridiculous expansion of networking everything just because and without a single thought to security (Hello IoT!) is already running into systems no longer being made or supported and liability claims up the yingyang. I hope that as the ramifications end up in court and impacting bottom lines privacy and security best practices, minimums will begin to be mandated. Amusing that infrastructure security may actually be driven by consumer protection.
Bots are truly something. It is increasingly difficult and complex to separate the 'best' bots from human visitors. Given that one of my differential (direct ad space) selling points is that my ad/af visitor stats are as close to 100% human as possible and not the typical bot-human blend found elsewhere it is critical that I (and my clients) have confidence in not only my methodology/system but also in it's associated false acceptance rate (FAR) and false rejection rate (FRR). Perfection is receding. Rapidly.
---What is not developing is a practical individual user use case. I can theorise some but none are on any horizon I can view at the moment.
Responsive design is pretty much awash at the moment: everyone is 'doing' it by simply using media queries to flow some one (usually desktop) layout. A few have (re)designed from a mobile first perspective that adds bits as viewports increase in size. A very very few are serving not just content differently but actual different content depending on visitor context. Most of this is very 'OR', i.e. one home page content for first time visitors another for returning. A very little is where I see the future of the web: content as personalised as what is known of the visitors context allows. Where not just the layout but the content itself is fluid. Which brings up all sorts of privacy and security and jurisdiction issues. And a whole new backend and expertise until plug-n-play finds a way. And plays hob with ye olde SE query return methodology.