: Why would you use document.location.protocol instead of plain // prefixed urls? For instance Google Analytics uses document.location.protocol in the boilerplate for tracking: <script type="text/javascript">

@YK1175434

//www.google-analytics.com/ga.js is not an URL per its standard, as it lacks the scheme, which is mandatory. It works and is used, but it remains non conforming to the URL standard.

See RFC3986 §3 :


The scheme and path components are required, though the path may be
empty (no characters). When authority is present, the path must
either be empty or begin with a slash ("/") character. When
authority is not present, the path cannot begin with two slash
characters ("//").

Vote Up Vote Down

@Turnbaugh106

Indeed, it was not an oversight by the GA Team!
GA loader loads a script, so that's not affected by the double-download bug on a <link> or @import for a stylesheets in IE7/IE8.

They use the conditional (ternary) operator on document.location.protocol because of an edge-case bug in IE6 that causes a security-dialog to pop up under certain security settings when requesting from the non-'ssl' subdomain,
as explained by Paul Irish (who worked together with the Google Analytics javascript lead developer on this matter) on his blog: www.paulirish.com/2010/the-protocol-relative-url/ from which I quote below:


2011.01.23: But... what about using this on the Google Analytics snippet?

Yes of course, wouldn't that be nice... So I worked with the Google Analytics javascript lead developer (God, I love working at google) to see if we could do this... turns out we can't. There is an edgecase bug in IE6 that causes a dialog to blow up... under some security settings (unsure if they are default) when requesting from the non-'ssl' subdomain. screenshot here. So feel free to take 40 bytes off your GA snippet if you don't care about IE6.. otherwise you're gonna need that ternary operator. `:)`

2011.12.24. Eric Law (from the IE team) chimes on why IE6 doesn't play well GA...

The reason this doesn't work in IE6 is that the server is using SNI to deduce what certificate to return. XP (and thus IE6) doesn't support SNI in the HTTPS stack. See for details.

Vote Up Vote Down

@Becky754

This Stack Overflow answer makes some good points.

It would be important to explicitly specify the protocol so that the target asset is loaded correctly within a document opened from a local drive (file:) or when using "iframe magic" (about:).

Vote Up Vote Down

@Yeniel560

You already pointed out the difference in the case of Google Analytics, namely that the secure version is on ssl. instead of www.. While a secure version of the www may work, it could also be different to the ssl version:


Different certificates for the ssl version and www version.
Different code on each version.
Different cookies set, specific to the SSL domain.


I don't know if any of these apply to Google though. From a glance the code looked to be the same.

Vote Up Vote Down

@Yeniel560

At least has one problem in IE because it causes double downloads: www.stevesouders.com/blog/2010/02/10/5a-missing-schema-double-download/

Vote Up Vote Down