Securing your GitHub Pages site with HTTPS

HTTPS adds a layer of encryption that prevents others from snooping on or tampering with traffic to your site. You can enforce HTTPS for your GitHub Pages site to transparently redirect all HTTP requests to HTTPS.

GitHub Pages is available in public repositories with GitHub Free, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see "GitHub's products."

All GitHub Pages sites, including sites that are correctly configured with a custom domain, support HTTPS and HTTPS enforcement. For more information about custom domains, see "Using a custom domain with GitHub Pages." For information about troubleshooting HTTPS with custom domains, see "Troubleshooting custom domains."

HTTPS enforcement is required for GitHub Pages sites using a domain that were created after June 15, 2016. If you created your GitHub Pages site before June 15, 2016, you can manually enable HTTPS enforcement.

Tip: GitHub Pages sites shouldn't be used for sensitive transactions like sending passwords or credit card numbers.

Enforcing HTTPS for your GitHub Pages site

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings.

    Repository settings button

  3. Under "GitHub Pages," select Enforce HTTPS.

    Enforce HTTPS checkbox

Resolving problems with mixed content

If you enable HTTPS for your site, and your site's HTML still references images, CSS, or JavaScript over HTTP, then your site is serving mixed content, and you may have trouble loading assets. Serving mixed content also makes your site less secure.

To remove your site's mixed content, improve your site's security, and resolve problems related to loading mixed content, edit your site's HTML files and change http:// to https:// so that all of your assets are served over HTTPS.

For GitHub Pages sites that use Jekyll, your HTML files will most likely be stored in the _layouts folder. In general, CSS is found in the <head> section of your HTML file. JavaScript is usually in the <head> section or just before the closing </body> tag. Images are often in the <body> section.

Tip: If you can't find where your assets are found in your site, try searching your site's code for http in your text editor or on GitHub.

Examples of how assets may be referenced in an HTML file

Asset type HTTP HTTPS
CSS <link rel="stylesheet" href=""> <link rel="stylesheet" href="">
JavaScript <script type="text/javascript" src=""></script> <script type="text/javascript" src=""></script>
Image <A HREF=""><IMG SRC="" alt="Logo"></a> <A HREF=""><IMG SRC="" alt="Logo"></a>

Further reading

Ask a human

Can't find what you're looking for?

Contact us