You are able to see the ALG:http displayed in the output you provided because it is by default implemented in the device, this feature is not under the hierarchy level of >show security alg status, as you already noted
user@host# run show security alg status
ALG Status :
DNS : Enabled
FTP : Enabled
H323 : Disabled
MGCP : Disabled
MSRPC : Enabled
PPTP : Enabled
RSH : Enabled
RTSP : Disabled
SCCP : Disabled
SIP : Disabled
SQL : Enabled
SUNRPC : Enabled
TALK : Enabled
TFTP : Enabled
IKE-ESP : Disabled
Instead of that you can see it under root@Juniper# show applications application WEB_80--à(WEB_80 is just a name)
In order to deactivate this feature you can do the following:
root@tux# show applications application WEB_80
application-protocol ignore;
protocol tcp;
destination-port 80;
inactivity-timeout 9600;