Stop Referencing Http and Https

The web is maturing and as the social web picks up momentum, secure portions of the web are becoming even more ubiquitous. One consequence of this trend is the cross referencing of other sites and assets, be it through CDNs, APIs, or sophisticated templating architectures, keeping tabs on where to reference what securely can become a bit of a headache.

A common issue many web developers face is referencing a global asset in a template that will be both called "insecurely" using http://, say in the shopping section of a site, and "securely" using https:// when the user runs through the checkout. If you have a logo image being called using the reference http://www.site.com/images/logo.png, your users may see a security conflict saying that some items on the page may not be secure. For the most part, this isn't a security issue, but any security alert is enough to send a user and a potential conversion running, so it's best to ensure an alert free experience regardless.

You could spend development time creating special conditionals to make the necessary changes when needed but there's a much smarter and more efficient way of doing things, just drop the http: and https: altogether. That's right, if you simply begin referencing assets, from images to stylesheets to javascripts, without the leading http: or https: and just use // instead, you will never run into problems. The browser will put the right one in, non-secure pages will get http:// and secure pages will get https://, and your users will never see an error, at least not one relating to non-secure assets being used on a secure page.

Bad Habit...

<a href="http://www.bad-habit.com" title="Bad...">The Olden Days</a>  

Bad Habit...
<a href="https://www.bad-habit.com" title="Bad...">Geocities Style</a>

Good Habit!
<a href="//www.good-habit.com" title="Good!">Lean and Mean!</a>

But what about all those times in the past where you've referenced the protocol directly? Just run a find-replace for http: and https: with an empty replace field for all of your old files and you can get old sites and files up to date post haste! And you don't need to worry about only applying the change to certain asset types, no matter what the reference or URL is, it will work just fine without the protocol stated.

Another perk, if you're looking for more low-hanging optimizations, you can trim a few bits off your site with each reference you switch. If you're serving tens of millions of pages a month on a thousand page site, it can add up!

Get in the Habit: Stop referencing assets with http:// or https://, and start using just //, let the browser do the rest!