Protocol-Relative URLs and Modern Alternatives

1 min read SSL/TLS & Certificates

Protocol-Relative URLs and Modern Alternatives

Protocol-relative URLs (//example.com/resource) once provided flexible solutions but are now deprecated. Modern best practice uses HTTPS URLs exclusively or implements Content Security Policy upgrade-insecure-requests directive.

Implement proper resource loading:

<!-- Old protocol-relative (deprecated) -->
<script src="//cdn.example.com/script.js"></script>

<!-- Modern HTTPS-only -->
<script src="https://cdn.example.com/script.js"></script>

<!-- With subresource integrity -->
<script src="https://cdn.example.com/script.js" 
        integrity="sha384-..." 
        crossorigin="anonymous"></script>