Last Updated: May 05, 2022
·
3.297K
· hannesg

Leave the protocol away!

HTTP is not the only protocol. Clients can very well decide which one to use and if they choose one they usually want to use it for everything.

Therefore you should simply omit the protocol in html, css, javascript and everything else that is on your website unless the URI points to a external resource. The browser can then choose HTTP, HTTPS, SPDY or whatever your webserver or CDN offers. This has furthermore the advantage that you'll never see a warning that some contents on a HTTPS-encrypted site are unencrypted, because the browser always uses the right protocol. So replace this:

<script src="http://foo.bar/js.js"></script>
<img src="http://foo.bar/img.png" />

with this:

<script src="//foo.bar/js.js"></script>
<img src="//foo.bar/img.png" />

Clients accessing your site via HTTP will fetch the files using HTTP, clients using HTTPS will fetch using HTTPS and so on.

Before you ask: yes, this behavior is specified ( rfc 3980 ) and browser support is good ( except IE 6 [sic] ).

2 Responses
Add your response

Of course, that'll only work if the resources are indeed available using whatever protocol the page was loaded with. As long as you're aware of that, all is good; as soon as you forget it, you start wondering what the hell is wrong with your site.

Note that this is perfect for Google's CDN — including webfonts — as they just support everything you throw at them.

over 1 year ago ·

one note - i'm pretty sure outlook doesn't support this, so make sure that you're only doing this on actual web pages, and not in html emails. i can't find a good source to back me up - my google searches keep returning nothing but articles on email etiquette - but i'm 99% sure that's the case.

over 1 year ago ·