Securing your GitHub Pages site with HTTPS

HTTPS adds a layer of encryption that prevents others from snooping on or tampering with traffic to your site. You can enforce HTTPS for your Páginas de GitHub site to transparently redirect all HTTP requests to HTTPS.

Páginas de GitHub se encuentra disponible en repositorios públicos con GitHub Free y GitHub Free para organizaciones, y en repositorios privados y públicos con GitHub Pro, GitHub Team, GitHub Enterprise Cloud, y Servidor de GitHub Enterprise. Para obtener más información, consulta la sección "Productos de GitHub".

People with admin permissions for a repository can enforce HTTPS for a Páginas de GitHub site.

About HTTPS and Páginas de GitHub

All Páginas de GitHub sites, including sites that are correctly configured with a custom domain, support HTTPS and HTTPS enforcement. For more information about custom domains, see "About custom domains and Páginas de GitHub" and "Troubleshooting custom domains and Páginas de GitHub."

Los sitios Páginas de GitHub no se deben usar para realizar transacciones que impliquen el envío de información confidencial como contraseñas o números de tarjeta de crédito.

Warning: Páginas de GitHub sites are publicly available on the internet, even if the repository for the site is private or internal. If you have sensitive data in your site's repository, you may want to remove it before publishing. For more information, see "About repository visibility."

Enforcing HTTPS for your Páginas de GitHub site

  1. En GitHub, navega al repositorio de tu sitio.

  2. Debajo de tu nombre de repositorio, da clic en Configuración. Botón de configuración del repositorio

  3. In the left sidebar, click Pages. Page tab in the left-hand sidebar

  4. Under "Páginas de GitHub," select Enforce HTTPS. Enforce HTTPS checkbox

Resolving problems with mixed content

If you enable HTTPS for your Páginas de GitHub site but your site's HTML still references images, CSS, or JavaScript over HTTP, then your site is serving mixed content. Serving mixed content may make your site less secure and cause trouble loading assets.

To remove your site's mixed content, make sure all your assets are served over HTTPS by changing http:// to https:// in your site's HTML.

Assets are commonly found in the following locations:

  • If your site uses Jekyll, your HTML files will probably be found in the _layouts folder.
  • CSS is usually found in the <head> section of your HTML file.
  • JavaScript is usually found in the <head> section or just before the closing </body> tag.
  • Images are often found in the <body> section.

Tip: If you can't find your assets in your site's source files, try searching your site's source files for http in your text editor or on GitHub.

Examples of assets referenced in an HTML file

Asset typeHTTPHTTPS
CSS<link rel="stylesheet" href="http://example.com/css/main.css"><link rel="stylesheet" href="https://example.com/css/main.css">
JavaScript<script type="text/javascript" src="http://example.com/js/main.js"></script><script type="text/javascript" src="https://example.com/js/main.js"></script>
Image<A HREF="http://www.somesite.com"><IMG SRC="http://www.example.com/logo.jpg" alt="Logo"></a><A HREF="https://www.somesite.com"><IMG SRC="https://www.example.com/logo.jpg" alt="Logo"></a>

Did this doc help you?Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

O, learn how to contribute.