Why does an anchor tag's href values need http:// prepended to the URL?

感动是毒 2020-12-01 12:29
click here

Clicking the above link on a site's HTML page would try to take the

4 answers
  •  忘掉有多难
    2020-12-01 12:48

    Update 3/2/2016:

    Just use HTTPS for everything, e.g. https://www.example.com

    Paul Irish recommends against using protocol-relative URLs, i.e. //, and recommends writing all links using https:// - the rationale being:

    Now that SSL is encouraged for everyone and doesn’t have performance concerns, this technique [protocol-relative URLs] is now an anti-pattern. If the asset you need is available on SSL, then always use the https:// asset.

    Allowing the snippet to request over HTTP opens the door for attacks like the recent Github Man-on-the-side attack. It’s always safe to request HTTPS assets even if your site is on HTTP, however the reverse is not true.


    Original post:

    As other answers have stated, including protocols in URIs is important because otherwise you leave it up to chance how the URI is interpreted. You could have an MP4 video file literally named "www.something.com" instead of "video.mp4", or a client might try to access your website over FTP because it guessed the protocol wrong.

    As Kolink pointed out in a comment, you can omit the http: entirely and just use //, e.g. //www.example.com. It stops mixed-content security errors ("this page has insecure elements"). It does this because browsers will fetch assets such as images as if those assets were using https:// when the user is connected to the current page via HTTPS.
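The resolution rules discussed in the answer above, as an added example that is not part of the original post: it resolves each href against the page URL with the standard `URL` parser and reports which forms end up as cleartext HTTP requests. The page URLs, sample hrefs and the function names `classifyHref` and `auditLinks` are constructed for illustration.

```javascript
// Constructed page URLs: the same page served over HTTP and over HTTPS.
const PAGE_HTTP = "http://shop.example/products/index.html";
const PAGE_HTTPS = "https://shop.example/products/index.html";

// Constructed sample hrefs covering the forms discussed in the thread.
const SAMPLE_HREFS = [
  "www.example.com",         // no scheme, no slashes
  "//www.example.com",       // protocol-relative
  "http://www.example.com",  // explicit cleartext
  "https://www.example.com", // explicit TLS
];

// Resolve an href the way a browser does and describe the outcome.
function classifyHref(href, pageUrl) {
  const raw = href.trim(); // the URL parser also ignores surrounding whitespace
  const page = new URL(pageUrl);
  const resolved = new URL(raw, page); // WHATWG URL resolution
  let kind;
  if (/^[a-z][a-z0-9+.-]*:/i.test(raw)) {
    kind = "absolute";          // explicit scheme such as https:
  } else if (/^[\/\\]{2}/.test(raw)) {
    kind = "protocol-relative"; // //host/path inherits the page's scheme
  } else {
    kind = "relative-path";     // treated as a path under the current page
  }
  return {
    href: raw,
    kind,
    resolved: resolved.href,
    // Cleartext request: anyone on the network path can read or alter it.
    cleartext: resolved.protocol === "http:",
    // HTTPS page requesting an HTTP URL: the mixed-content case.
    mixedContent: page.protocol === "https:" && resolved.protocol === "http:",
  };
}

// Return only the hrefs that would be requested over cleartext HTTP.
function auditLinks(hrefs, pageUrl) {
  return hrefs.map((h) => classifyHref(h, pageUrl)).filter((r) => r.cleartext);
}

if (typeof require !== "undefined" && require.main === module) {
  for (const page of [PAGE_HTTP, PAGE_HTTPS]) {
    console.log(page);
    console.table(SAMPLE_HREFS.map((h) => classifyHref(h, page)));
  }
}
```

On the HTTP page only the explicit `https://` link leaves cleartext; on the HTTPS page only the explicit `http://` link is flagged, and it is also the mixed-content case.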
