Two forward slashes in a url/src/href attribute

web-development

best-practices

performance

responsive-design

byNikita Barsukov·Jan 11, 2025

Incorporating // at the start of an href or src ensures the link matches the current page's protocol (HTTP or HTTPS):

<script src="//cdn.example.com/library.js"></script>

This method eliminates mixed content issues and shrugs off protocol preferences, allowing resources to adjust to the page's security context logically, and providing a handy performance boost in environments such as Magento 1.X.

What does "//" buy you?

Protocol-relative URLs, symbolized by the // prefix, cleverly abide by the protocol of the page requesting the resource. With this method, you are armoring up against browser warnings and blocked resources springing up from mixed content in both HTTP and HTTPS environments.

When to pick up the "//" hammer

In a scene where content swings between HTTP and HTTPS.
If your server handles both HTTP and HTTPS, ensuring a secure resource fetch.
To step up cross-browser compatibility and cushion resources against protocol hiccups.

Watch out for the banana peels

Relative protocol URLs could, however, trigger security alerts if the page's content resides in a secure den, but the resource defaults to a nonchalant HTTP request.
Some legacy technologies or proxy servers might have a hiccup understanding the shorthand, potentially meddling with your resource recovery.

"//" isn't just out to lunch

Magento 1.X's employment of protocol-relative URLs is a shining example of unlocking performance gains. They wield a double-edged sword by enhancing security during HTTPS checkout workflows. By preventing insecure elements from hassling users with non-protocol-relative URL prompts, we're set on the road to a smooth and secure user expedition.

Visualising "//"

While fancy metaphors are excellent, let's imagine a world without http:// or https://. Instead, we make do with //, and just like magic, resources play nicely regardless of the protocol!

With 'http://': 🏠🔗📬 (Specific delivery instructions are given)
With '//': 🏠📬 (You get the mail anyway, because the mailman knows the neighborhood!)

Magically, or not, using // lets your browser know to stick with the current protocol, saving a few CPU cycles.

"//" in Code and Practice

Dialing in protocol-relative URLs scores big on best practice charts in today's web development game, particularly for scripts, stylesheets, and other resource requests. Here's why.

It's the Browser's Best Bud

Relative protocol URLs cozy up with browsers across the board. Handling script and asset links across different protocols just got easier!

Security is in its DNA

Using // means hardcore adherence to your browser's security context. This is especially worth pondering when you're strolling through HTTPS pages where security is non-negotiable, like checkout processes or personal data transactions.

A Word for the Wise Developer

HTTP and HTTPS testing is a surefire way to ensure uniform behavior.
Be grind-aware with content from CDNs and their protocol-relative URL dealings.
Third-party scripts and their potential effect on the page's security is worth a coffee ponder.

explain-codes / Web development / Two forward slashes in a url/src/href attribute

Linked

Absolute URLs omitting the protocol (scheme) in order to preserve the one of the current page



Is it valid to replace http:// with // in a `



What is the difference between srcdoc="..." and src="data:text/html,..." in an ?



Get the current URL with JavaScript?



Detect HTTP or HTTPS then force HTTPS in JavaScript

