My blog runs on http and I'm accessing admin backend using https. There is self-signed certificate on the hosting server to provide encryption of sensitive data.
After installing Wordfence I get a warning loading the frontend:
The server's certicifate chain is incomplete...
This is caused by this line:
var src="https://domain.com/wp-admin/admin-ajax.php?...
IMHO you should use the http protocol by default and only in case the frontend page is loaded in https then you should change the protocol to https using your code:
if(window.location.protocol == "https:"){ src = src.replace("http:", "https:");