You can enforce HTTPS to add a layer of encryption for traffic to your GitHub Pages site if it has a github.io domain.

With HTTPS enforcement enabled, HTTP requests to your GitHub Pages site will be transparently redirected to HTTPS.

HTTPS enforcement is required for GitHub Pages sites created after June 15, 2016 and using a github.io domain. If you created your GitHub Pages site before June 15, 2016, you can manually enable HTTPS enforcement. HTTPS is not supported for GitHub Pages using custom domains.

Tip: GitHub Pages sites shouldn't be used for sensitive transactions like sending passwords or credit card numbers.

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. Repository settings button

  3. Under "GitHub Pages", select Enforce HTTPS. Enforce HTTPS checkbox

Resolving problems with mixed content

If you enable HTTPS for your site, and your site's HTML still references images, CSS, or JavaScript over HTTP, then your site is serving mixed content, and you may have trouble loading assets. Serving mixed content also makes your site less secure.

To remove your site's mixed content, improve your site's security, and resolve problems related to loading mixed content, edit your site's HTML files and change http:// to https:// so that all of your assets are served over HTTPS.

For GitHub Pages sites that use Jekyll, your HTML files will most likely be stored in the _layouts folder. In general, CSS is found in the <head> section of your HTML file. JavaScript is usually in the <head> section or just before the closing </body> tag. Images are often in the <body> section.

Tip: If you can't find where your assets are found in your site, try searching your site's code for http in your text editor or on GitHub.

Examples of how assets may be referenced in an HTML file

Asset type HTTP HTTPS
CSS <link rel="stylesheet" href="http://example.com/css/main.css"> <link rel="stylesheet" href="https://example.com/css/main.css">
JavaScript <script type="text/javascript" src="http://example.com/js/main.js"></script> <script type="text/javascript" src="https://example.com/js/main.js"></script>
Image <A HREF="http://www.somesite.com"><IMG SRC="http://www.example.com/logo.jpg" alt="Logo"></a> <A HREF="https://www.somesite.com"><IMG SRC="https://www.example.com/logo.jpg" alt="Logo"></a>