Securing your GitHub Pages site with HTTPS
GitHub Pages is available in public repositories with GitHub Free, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see "GitHub's products."
HTTPS adds a layer of encryption that prevents others from snooping on or tampering with traffic to your site. You can enforce HTTPS for your GitHub Pages site to transparently redirect all HTTP requests to HTTPS.
All GitHub Pages sites, including sites that are correctly configured with a custom domain, support HTTPS and HTTPS enforcement. For more information about custom domains, see "Using a custom domain with GitHub Pages." For information about troubleshooting HTTPS with custom domains, see "Troubleshooting custom domains."
HTTPS enforcement is required for GitHub Pages sites using a
github.io domain that were created after June 15, 2016. If you created your GitHub Pages site before June 15, 2016, you can manually enable HTTPS enforcement.
Tip: GitHub Pages sites shouldn't be used for sensitive transactions like sending passwords or credit card numbers.
Enforcing HTTPS for your GitHub Pages site
On GitHub, navigate to the main page of the repository.
Under your repository name, click Settings.
Under "GitHub Pages," select Enforce HTTPS.
Resolving problems with mixed content
To remove your site's mixed content, improve your site's security, and resolve problems related to loading mixed content, edit your site's HTML files and change
https:// so that all of your assets are served over HTTPS.
For GitHub Pages sites that use Jekyll, your HTML files will most likely be stored in the _layouts folder. In general, CSS is found in the
<head> section or just before the closing
</body> tag. Images are often in the
Tip: If you can't find where your assets are found in your site, try searching your site's code for
http in your text editor or on GitHub.
Examples of how assets may be referenced in an HTML file