Relative and absolute URLs are relatively new concepts. HTTP is a protocol that was adopted in 1991 by Tim Berners-Lee to transfer data using hypertext. Several times, the standards have been updated, but the constant threat of hacker attacks has led to a new version of the protocol protected by SSL and TLS – HTTPS. Absolute URLs use HTTPS, and relative URLs use HTTP. In our article, we will discuss what kind of URL to use and what to do if the system loads pages only using protocol-relative URLs.
Why this problem occurs?
Some URLs are downloaded by requesting an HTTP connection, which may indicate a risk of unauthorized access to the page.
How to check URLs?
Let’s take a closer look at what HTTP and HTTPS are, and how these protocols affect safe and fast data transfer.
HTTP (HyperText Transfer Protocol) is a set of rules describing the interaction of work units during data transfer. Initially, it was used for sending documents html; now, with the help of HTTP protocol, data in different formats are transferred on the Internet.
HTTP is only for data transfer, not for encryption and privacy. HTTP coding mechanisms are not designed to hide data, and password and user login are transmitted without encryption.
An extension to the HTTP protocol, HTTPS, was created to make the data transfer more secure. In fact, it’s a merger of two protocols – HTTP and SSL.
Now, let’s clarify the concepts of relative and absolute URLs. A relative URL is used when the destination is on the same server as the link itself. The name of the server is omitted, the document name is abbreviated. Absolute URL is used when the destination of data transfer is on a different server.
If the URL in question is downloaded via an HTTP request, this creates a resource vulnerability problem.
Detect if system loads page resources using protocol-relative URLs and go ahead to analyse the other issues on it!
Check not only the issue but make a full audit to find out and fix your technical SEO.
Why is this important?
Recently, relative URLs have become commonplace because of the massive spread of HTTPS. If this type of syntax is used on an HTTP page with a CDN connection, data will still be transferred in HTTP protocol. A relative URL on the HTTPS page implies data transfer through HTTPS.
However, you should remember that HTTP does not protect against hacker attacks because it is not designed to encrypt the information transferred. Therefore, you should always request HTTPS, even if you are on a page with HTTP.
How to fix an incorrect loading?
To keep your web resources completely safe, use the following recommendations:
- Use only URLs with HTTPS for downloading, even if the requested resource is on a different domain.
- Reconfigure all existing links on the site to enable HTTPS.
- If the requested resource is not available through a secure protocol, you can connect to it from another domain if it is available. In the other case, simply post the desired content manually.
If the first and second tips don’t work, remove the resource from your site for security reasons.