Issues

Security: Protocol-Relative Resource Links

back to issues overview

Protocol-Relative Resource Links

URLs that load resources such as images, JavaScript and CSS using protocol-relative links.

A protocol-relative link is simply a link to a URL without specifying the scheme (for example, //screamingfrog.co.uk, which is missing https:).

It helps save developers time from having to specify the protocol and lets the browser determine it based upon the current connection to the resource.

However, this technique is now an anti-pattern with HTTPS everywhere, and can expose some sites to ‘man in the middle’ compromises and performance issues

How to Analyse in the SEO Spider

Use the ‘Security’ tab and ‘Protocol-Relative Resource Links’ filter to view these URLs.

View URLs with protocol-relative links using the lower ‘Resources’ tab and filtering the ‘Path Type’ column to ‘Protocol-Relative’.

They can be exported alongside the pages they are linked from via ‘Bulk Export > Security > Protocol-Relative Outlinks’.

What Triggers This Issue

This issue is triggered when a URL that loads resources such as images, JavaScript and CSS uses protocol-relative links.

For example:

<img src="//screamingfrog.co.uk/froggy.jpg" alt="Screaming Frog" />

How To Fix

Update any resource links to be absolute links including the scheme (HTTPS) to avoid security and performance issues.

Further Reading

Back to top