Skip to Content
OpportunitiesTechnicalSite IssuesSecurityProtocol-Relative Resource Links

Protocol-Relative Resource Links

What This Means

URLs that load resources such as images, JavaScript and CSS using protocol-relative links. A protocol-relative link is simply a link to a URL without specifying the scheme (for example, //getasky.com, which is missing https:). It helps save developers time from having to specify the protocol and lets the browser determine it based upon the current connection to the resource. However, this technique is now an anti-pattern with HTTPS everywhere, and can expose some sites to ‘man in the middle’ compromises and performance issues

What Triggers This Issue

This issue is triggered when a URL that loads resources such as images, JavaScript and CSS uses protocol-relative links. For example:

<img src="//getasky.com/froggy.jpg" alt="your site" />

How To Fix

Update any resource links to be absolute links including the scheme (HTTPS) to avoid security and performance issues.

← Back to Security

Last updated on
Mixed ContentUnsafe Cross Origin Links