Securing your GitHub Pages site with HTTPS
HTTPS adds a layer of encryption that prevents others from snooping on or tampering with traffic to your site. You can enforce HTTPS for your GitHub Pages site to transparently redirect all HTTP requests to HTTPS.
GitHub Pages is available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see "GitHub's products."
People with admin permissions for a repository can enforce HTTPS for a GitHub Pages site.
All GitHub Pages sites, including sites that are correctly configured with a custom domain, support HTTPS and HTTPS enforcement. For more information about custom domains, see "About custom domains and GitHub Pages" and "Troubleshooting custom domains and GitHub Pages."
HTTPS enforcement is required for GitHub Pages sites using a
github.io domain that were created after June 15, 2016. If you created your site before June 15, 2016, you can manually enable HTTPS enforcement.
GitHub Pages sites shouldn't be used for sensitive transactions like sending passwords or credit card numbers.
Warning: GitHub Pages sites are publicly available on the internet, even if their repositories are private or internal. If you have sensitive data in your site's repository, you may want to remove it before publishing. For more information, see "About repository visibility."
- On GitHub, navigate to your site's repository.
- Under your repository name, click
- Under "GitHub Pages," select Enforce HTTPS.
To remove your site's mixed content, make sure all your assets are served over HTTPS by changing
https:// in your site's HTML.
Assets are commonly found in the following locations:
- If your site uses Jekyll, your HTML files will probably be found in the _layouts folder.
- CSS is usually found in the
<head>section of your HTML file.
<head>section or just before the closing
- Images are often found in the
Tip: If you can't find your assets in your site's source files, try searching your site's source files for
http in your text editor or on GitHub.