You can enforce HTTPS to add a layer of encryption for traffic to your GitHub Pages site if it has a
With HTTPS enforcement enabled, HTTP requests to your GitHub Pages site will be transparently redirected to HTTPS.
HTTPS enforcement is required for GitHub Pages sites created after June 15, 2016 and using a
github.io domain. If you created your GitHub Pages site before June 15, 2016, you can manually enable HTTPS enforcement. HTTPS is not supported for GitHub Pages using custom domains.
Tip: GitHub Pages sites shouldn't be used for sensitive transactions like sending passwords or credit card numbers.
On GitHub, navigate to the main page of the repository.
Under your repository name, click Settings.
Under "GitHub Pages", select Enforce HTTPS.
Resolving problems with mixed content
To remove your site's mixed content, improve your site's security, and resolve problems related to loading mixed content, edit your site's HTML files and change
https:// so that all of your assets are served over HTTPS.
For GitHub Pages sites that use Jekyll, your HTML files will most likely be stored in the _layouts folder. In general, CSS is found in the
<head> section or just before the closing
</body> tag. Images are often in the
Tip: If you can't find where your assets are found in your site, try searching your site's code for
http in your text editor or on GitHub.
Examples of how assets may be referenced in an HTML file