Ok, I happened upon this recently, and it sort of blew my mind. Section 4.2 of RFC 3986 provides for fully qualified URLs that omit protocol (the HTTP or HTTPS) altogether. When a URL’s protocol is omitted, the browser defaults to the underlying document’s protocol. “Put simply, these “protocol-less” URLs allow a reference like this to work in every browser you’ll try it in:
//ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
I have personally wondered of something like this for a long time. “How do I include links to content I want to load without the secure/insecure message (assuming all content is available securely)?” I would ponder. “the “protocol-less” URL is the best way to reference third party content that’s available via both HTTP and HTTPS. On a page loaded through regular, unencrypted HTTP, script references using that URL will be loaded via HTTP and be cached as normal. Likewise, on a secure page that was loaded via HTTPS, script references targeting that protocol-less URL will automatically load the script from Google’s CDN via HTTPS and avoid the mixed content warning. Thus, using the protocol-less URL allows a single script reference to adapt itself to what’s most optimal: HTTP and it’s full caching support on HTTP pages, and HTTPS on secured pages so that your users aren’t confronted with a mixed content warning.” Originally found here: http://encosia.com/cripple-the-google-cdns-caching-with-a-single-character/.
It still amazes me that this is not well known to the hosting industry. It does however make the usage of CDN with mixed (HTTP/HTTPS) content much easier to utilize, which is also how I last saw this in practice, just days after seeing it was a possibility.