Without this, if the parent page is accessed via https, many browsers will refuse to run the insecure JavaScript