If you include unencrypted scripts in the <head> area and call up a page with an existing SSL certificate encrypted, these scripts are blocked and therefore not executed. If you simply omit the protocol, all scripts are automatically called in encrypted form if the website is accessed via https: // - otherwise unencrypted.
For this one uses instead
The only pitfall is to make sure that the script can be accessed both with and without https. Incidentally, this is not a trick, but the behavior is officially specified in RFC 3986: "Uniform Resource Identifier (URI): Generic Syntax" , in section "4.2. Relative Reference ":
A relative reference that begins with two slash characters is termed a network-path reference; such references are rarely used.