When you are on HTTP and your browser requests an external script using hardcoded HTTPS, it safe. When you do otherwise, it’s not safe. So, the best practice is not to hardcode the protocol in your code.
Safety is No. 1 priority, validation is secondary. So, keep relative // instead of explicit http:// of https://.
Or, you can move your site to SSL and use https:// in every link.