I did a search and could not find an answer on here to my question. What I am confused about is what URLs on an https page need to be https, as opposed to http.
I am making a series of pages my website that must be accessed over https. At the top of the pages is a menu. I accidentally included a style sheet into the page using http, instead of https, and all the browsers I tried gave me a warning about insecure content. But, I can leave the menu links at the top of the page http, and there’s no problem.
So, am I correct in saying that things that are being loaded onto the page, such as style sheets and images, need to have https in the link, but that plain old href links can just have http in them?
Thanks for your advice.
Generally your secure pages such as purchase page, credit card etc processing pages are set to
httpsor sometimes all pages such as websites for banks or other financial institutes or even login pages.You can leave it to browser to deciper
httporhttpspart by using what is called protocol-relative URLS in which you simply do not specify either ofhttporhttpsand still browser will be able to figure it out. An example:Let’s say your domain is
foo.com, you would specify all URLs like:So you simply leave the
httporhttpspart in your URLs.To know more about protocol-relative URLS, see: