Protocol independent assets

Delivering a SSL secured application via HTTPS requires to deliver external assets like pictures or Javascript/ CSS files via HTTPS as well. Likewise static link references via HTTP should be HTTPS ready. Otherwise the browser will respond with unpleasant warnings:

GET http://example.com/ [Mixed Content] [HTTPS/1.1 200 OK 39ms]

If the the assets are provided by an external CDN (Content Delivery Network), it is important to make sure they also are supplied via HTTPS. The link references can be defined protocol non-specific. Instead of:

<link href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css" rel="stylesheet">

the protocol independent version:

<link href="//maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css" rel="stylesheet">

Please note the missing protocol specification. The external resource is requested with the same protocol which was used for the current page. That means HTTP in the case of http://example.com and HTTPS in the case of https://example.com.