90

I saw the //somepage.com/resource url format. For example:

<img src="//remotesite.com/image1.jpg" />

The point of this is that if the current page (the page defining the img tag) is using http, then the request to the remote site is made via http. If it is https - it's https. This eliminates browser warnings of not fully encrypted pages.

My question is - is this URL format safe to use for all browsers. And is it a standard?

unor
  • 92,415
  • 26
  • 211
  • 360
Bozho
  • 588,226
  • 146
  • 1,060
  • 1,140
  • 4
    Related: [Can I change all my http:// links to just // ?](http://stackoverflow.com/questions/4831741/can-i-change-all-my-http-links-to-just) answers your first and [Scheme relative URLs](http://stackoverflow.com/questions/3583103/scheme-relative-urls) answers your second question. – Gumbo Feb 12 '11 at 13:41
  • 1
    Similar question: http://stackoverflow.com/questions/8343942/what-is-the-effect-of-starting-a-url-with-and-leaving-out-http – Tomas Dec 01 '11 at 15:47
  • 1
    possible duplicate of [Is it valid to replace http:// with // in a – outis Mar 10 '12 at 15:37
  • Although you didn’t use the term in your question, I added the [tag:protocol-relative] tag (so this question can be found easier). – unor Jan 22 '14 at 20:59

3 Answers3

62

is this URL format safe to use for all browsers.

I can't say anything for sure, but you should be able to test it in different browsers.

And is it a standard?

Technically, it is called "network-path reference" according to RFC 3986. Here is the scheme for it:

  relative-ref  = relative-part [ "?" query ] [ "#" fragment ]

  relative-part = "//" authority path-abempty
                / path-absolute
                / path-noscheme
                / path-empty

There is a problem though, when used on a <link> or @import, IE7 and IE8 download the file.

Here is a post written by Paul Irish on the subject:

Boghyon Hoffmann
  • 17,103
  • 12
  • 72
  • 170
Sarfraz
  • 377,238
  • 77
  • 533
  • 578
  • 1
    Note that Paul Irish has updated his post to indicate that resources should now always be served over https when it is feasible to do so. See the post linked by @Sarfraz above. – Evan Donovan Nov 30 '16 at 16:07
  • 1
    Google analytics snippet code uses this scheme, so i bet it's cross browser while this tool is used by many many websites, they would just provide https version otherwise – Lukas Liesis Jan 10 '17 at 13:30
23

Yes I believe it is. Paul Irish coined the term Protocol Relative URL.

I'd also point out it's part of the HTML5Boilerplate project which evangelises cross browser compatibility.

Note: there is an edge case in IE6 with google analytics which is mentioned in Paul's article. So it's not perfect.

xzyfer
  • 13,937
  • 5
  • 35
  • 46
  • This is no longer true, see https://stackoverflow.com/a/37609402/2237601 or [here](https://github.com/h5bp/html5-boilerplate/pull/1694/commits/045a1676c4c8cf4bdd23374b5b049507101f5043), they now use `https://`. Also see [here](http://stackoverflow.com/a/37654145/2237601) why ommiting the protocol scheme might not be a good idea. – bg17aw Jun 07 '16 at 10:09
2

Should be safe.

Is specified as format to use in Google's HTML/CSS styleguide: EDIT: latest url : https://google.github.io/styleguide/htmlcssguide.xml#Protocol

Peter O'Brien
  • 185
  • 1
  • 7