What URLs on an https page need to be https?

2018-06-21 22:13:15

I did a search and could not find an answer on here to my question. What I am confused about is what URLs on an https page need to be https , as opposed to http .

I am making a series of pages my website that must be accessed over https . At the top of the pages is a menu. I accidentally included a style sheet into the page using http , instead of https , and all the browsers I tried gave me a warning about insecure content. But, I can leave the menu links at the top of the page http , and there's no problem.

So, am I correct in saying that things that are being loaded onto the page, such as style sheets and images, need to have https in the link, but that plain old href links can just have http in them?

Thanks for your advice.

Generally your secure pages such as purchase page, credit card etc processing pages are set to https or sometimes all pages such as websites for banks or other financial institutes or even login pages.

You can leave it to browser to deciper http or https part by using what is called protocol-relative URLS in which you simply do not specify either of http or https and still browser will be able to figure it out. An example:

//example.com
//google.com

Let's say your domain is foo.com , you would specify all URLs like:

//foo.com/page1.html
//foo.com/otherpage

So you simply leave the http or https part in your URLs.

To know more about protocol-relative URLS, see:

http://paulirish.com/2010/the-protocol-relative-url/

Yes, all links that are used to create the page itself (the HTML, the CSS, JavaScript, the images) need to be served over https . That means all URLs of that domain need to be served over https .

Links to other websites can be http just fine. You may want to check if those links can be visited over https as well because then the user will use a secure connection to visit those website as well.

链接地址: http://www.djcxy.com/p/61546.html

上一篇: 什么时候存在什么规则！T被使用vs！0？

下一篇: https页面上的哪些网址需要为https？