A protocol-relative resource link is a URL that begins with a `//` instead of `http://` or `https://`. This was once a common practice to allow a browser to choose the protocol for a resource based on the protocol of the page it was on. However, in today’s world where HTTPS is the standard, this is an outdated and insecure practice that can lead to mixed content issues and harm your SEO.

Think of it as giving someone a key that could open either a secure or an unsecure door. While it might seem flexible, it creates an unnecessary risk. For a broader look at website security, see our guide on the security category.

An illustration of an unlocked padlock, symbolizing the importance of fixing protocol-relative resource links.

Why Protocol-Relative Links Are a Problem

As explained in this guide to protocol-relative URLs from Screaming Frog, this practice is no longer recommended.

  • Mixed Content Issues: If an HTTPS page uses a protocol-relative link to load an HTTP resource, it will result in a mixed content warning in the browser. This is a security vulnerability that can be exploited by attackers.
  • Negative SEO Signals: Mixed content is a negative signal to search engines, as it indicates a poorly configured and insecure website.

A Step-by-Step Guide to Fixing Protocol-Relative Links

The goal is to ensure that all of your resource links are absolute URLs that explicitly use the `https://` protocol. For more on the importance of HTTPS, check out this guide from Google.

Code Example: The Fix

<!-- Before: Protocol-relative link --> <script src="//example.com/script.js"></script> <!-- After: Absolute HTTPS link --> <script src="https://example.com/script.js"></script>
  1. Crawl Your Site: Use an SEO audit tool like Creeper to identify all protocol-relative resource links.
  2. Update Your Code: Work with your developer to replace all instances of `//` at the beginning of a URL with `https://`.
  3. Validate the Fix: Recrawl your site to confirm that all protocol-relative links have been updated.

Frequently Asked Questions

What is a protocol-relative link?

A protocol-relative link is a URL that begins with `//` instead of `http://` or `https://`. It was once used to make a browser automatically choose the correct protocol based on the protocol of the page it was on. However, this is now an outdated and insecure practice.

Why are protocol-relative links bad for SEO?

Protocol-relative links are bad for SEO because they can cause mixed content issues, where an HTTPS page loads an HTTP resource. This is a security vulnerability that can lead to browser warnings and a loss of user trust. It’s also a negative signal to search engines, which prioritize secure websites.

How do I fix protocol-relative links?

The fix is to replace all protocol-relative links with absolute URLs that explicitly state the `https://` protocol. You can use a website crawler like Creeper to find all instances of protocol-relative links on your site, and then update your code to use the secure, absolute version.

Ready to secure your pages? Start your Creeper audit today and see how you can improve your website’s security.