This means that the URL in question loads resources using protocol relative URLs. These can be requested over HTTP, and as such represent a security vulnerability.
Protocol relative syntax has become relatively common over the last few years as HTTPS adoption has spread, because it conveniently eliminates the need for developers to construct URLs based on the user's current security context. If this syntax is used on an HTTP page to include something from a CDN, it retrieves the HTTP version. If it is used on an HTTPS page, it retrieves the HTTPS version.
However, allowing the snippet to request over HTTP opens the door for attacks like the GitHub Man-on-the-side attack. It's always safe to request HTTPS assets even if your site is on HTTP; however, the reverse is not true.
This Hint will trigger for any internal URL (either HTTP or HTTPS) which includes resource links using a protocol relative URI.
Consider the URL: https://example.com/page-a
The Hint would trigger for this URL if it loads even a single resource using a protocol relative URI:
JavaScript resource link using protocol relative URI:
<script src="//code.jquery.com/jquery-2.2.3.min.js"></script>
CSS resource link using protocol relative URI:
<link href='//fonts.googleapis.com/css?family=Istok+Web' rel='stylesheet' type='text/css'>
Image resource src using protocol relative URI:
<img src="//example.com/img/logo.png">
You should use only https:// URLs when loading resources on your page (even if these are 3rd party resources that do not live on your own domain). For each URL that loads protocol relative resources, update the resource references to point to the HTTPS counterparts, using absolute URIs.
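One way to audit a page for this before fixing it, as an added example that is not part of the original page or of Sitebulb: a small Python scanner that parses the HTML and lists every script, link and img reference that starts with //, together with the absolute HTTPS URL to replace it with. The function names and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser

# Tag -> attribute that makes the browser fetch a resource.
# Limited to the three cases shown on this page; <a href> is navigation, not a load.
RESOURCE_ATTRS = {"script": "src", "link": "href", "img": "src"}

class ProtocolRelativeFinder(HTMLParser):
    """Collect (line, tag, attr, url) for each protocol relative resource URL."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        wanted = RESOURCE_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value and value.strip().startswith("//"):
                line, _ = self.getpos()  # position of the tag being parsed
                self.findings.append((line, tag, name, value.strip()))

def find_protocol_relative(html):
    finder = ProtocolRelativeFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

def https_counterpart(url):
    # "//host/path" -> "https://host/path".
    # Assumption: the host serves this resource over HTTPS; confirm before replacing.
    return "https:" + url

# Constructed sample page: three protocol relative loads, three references to ignore.
SAMPLE = """<html><head>
<script src="//code.jquery.com/jquery-2.2.3.min.js"></script>
<link href='//fonts.googleapis.com/css?family=Istok+Web' rel='stylesheet' type='text/css'>
<script src="https://example.com/js/app.js"></script>
</head><body>
<img src="//example.com/img/logo.png">
<a href="//example.com/page-b">a link, not a resource load</a>
<img src="/img/local.png">
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, url in find_protocol_relative(SAMPLE):
        print(f"line {line}: <{tag} {attr}={url!r}> -> {https_counterpart(url)}")
```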
In some cases, you may find that the resources in question are not available over HTTPS, in which case seek to do one of the following: