Looking at how google analytics add their script to the page:
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
Then document.location.protocol would seem safe for all browsers.
Looking at how google analytics add their script to the page:
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
Then document.location.protocol would seem safe for all browsers.