diff --git src/wp-includes/js/media-views.js src/wp-includes/js/media-views.js
index 62d2e43..809ccd2 100644
--- src/wp-includes/js/media-views.js
+++ src/wp-includes/js/media-views.js
@@ -7459,7 +7459,7 @@
 		},
 
 		updateImage: function() {
-			this.$('img').attr( 'src', this.model.get('url') );
+			this.$('img').attr( 'src', this.model.get('src_url') );
 		}
 	});
 
diff --git src/wp-includes/link-template.php src/wp-includes/link-template.php
index 235fa79..72c20cb 100644
--- src/wp-includes/link-template.php
+++ src/wp-includes/link-template.php
@@ -3032,7 +3032,7 @@ function self_admin_url($path = '', $scheme = 'admin') {
  * @since 3.4.0
  *
  * @param string $url Absolute url that includes a scheme
- * @param string $scheme Optional. Scheme to give $url. Currently 'http', 'https', 'login', 'login_post', 'admin', or 'relative'.
+ * @param string $scheme Optional. Scheme to give $url. Currently 'http', 'https', 'login', 'login_post', 'admin', 'relative', or 'network_path'.
  * @return string $url URL with chosen scheme.
  */
 function set_url_scheme( $url, $scheme = null ) {
@@ -3042,7 +3042,7 @@ function set_url_scheme( $url, $scheme = null ) {
 		$scheme = is_ssl() ? 'https' : 'http';
 	} elseif ( $scheme === 'admin' || $scheme === 'login' || $scheme === 'login_post' || $scheme === 'rpc' ) {
 		$scheme = is_ssl() || force_ssl_admin() ? 'https' : 'http';
-	} elseif ( $scheme !== 'http' && $scheme !== 'https' && $scheme !== 'relative' ) {
+	} elseif ( $scheme !== 'http' && $scheme !== 'https' && $scheme !== 'relative' && $scheme !== 'network_path' ) {
 		$scheme = is_ssl() ? 'https' : 'http';
 	}
 
@@ -3054,6 +3054,8 @@ function set_url_scheme( $url, $scheme = null ) {
 		$url = ltrim( preg_replace( '#^\w+://[^/]*#', '', $url ) );
 		if ( $url !== '' && $url[0] === '/' )
 			$url = '/' . ltrim($url , "/ \t\n\r\0\x0B" );
+	} else if ( 'network_path' == $scheme ) {
+		$url = preg_replace( '#^\w+://#', '//', $url );
 	} else {
 		$url = preg_replace( '#^\w+://#', $scheme . '://', $url );
 	}
diff --git src/wp-includes/media.php src/wp-includes/media.php
index 0c3fd22..fcce20a 100644
--- src/wp-includes/media.php
+++ src/wp-includes/media.php
@@ -2588,6 +2588,7 @@ function wp_prepare_attachment_for_js( $attachment ) {
 		'title'       => $attachment->post_title,
 		'filename'    => wp_basename( $attachment->guid ),
 		'url'         => $attachment_url,
+		'src_url'     => set_url_scheme( $attachment_url, 'network_path' ),
 		'link'        => get_attachment_link( $attachment->ID ),
 		'alt'         => get_post_meta( $attachment->ID, '_wp_attachment_image_alt', true ),
 		'author'      => $attachment->post_author,
diff --git src/wp-includes/post.php src/wp-includes/post.php
index f97318e..4d201b3 100644
--- src/wp-includes/post.php
+++ src/wp-includes/post.php
@@ -4944,6 +4944,9 @@ function wp_get_attachment_url( $post_id = 0 ) {
 		$url = get_the_guid( $post->ID );
 	}
 
+	// Match the current scheme.
+	$url = set_url_scheme( $url );
+
 	/**
 	 * Filter the attachment URL.
 	 *
diff --git tests/phpunit/tests/post/attachments.php tests/phpunit/tests/post/attachments.php
index d079654..fe716e6 100644
--- tests/phpunit/tests/post/attachments.php
+++ tests/phpunit/tests/post/attachments.php
@@ -278,4 +278,51 @@ class Tests_Post_Attachments extends WP_UnitTestCase {
 		$this->assertEquals( $attachment->post_parent, $post_id );
 	}
 
+	/**
+	 * @ticket 15928
+	 */
+	public function test_wp_get_attachment_url_on_front_end_with_https_off() {
+		$filename = ( DIR_TESTDATA . '/images/test-image.jpg' );
+		$contents = file_get_contents( $filename );
+
+		$upload = wp_upload_bits( basename( $filename ), null, $contents );
+		$this->assertTrue( empty( $upload['error'] ) );
+
+		// Set attachment ID
+		$attachment_id = $this->_make_attachment( $upload );
+
+		$is_ssl = is_ssl();
+		$_SERVER['HTTPS'] = 'off';
+
+		// Test non-admin pages
+		set_current_screen( 'front' );
+		$url = wp_get_attachment_url( $attachment_id );
+		$this->assertSame( $url, set_url_scheme( $url, 'http' ) );
+
+		$_SERVER['HTTPS'] = $is_ssl ? 'on' : 'off';
+	}
+
+	/**
+	 * @ticket 15928
+	 */
+	public function test_wp_get_attachment_url_on_front_end_with_https_on() {
+		$filename = ( DIR_TESTDATA . '/images/test-image.jpg' );
+		$contents = file_get_contents( $filename );
+
+		$upload = wp_upload_bits( basename( $filename ), null, $contents );
+		$this->assertTrue( empty( $upload['error'] ) );
+
+		// Set attachment ID
+		$attachment_id = $this->_make_attachment( $upload );
+
+		$is_ssl = is_ssl();
+		$_SERVER['HTTPS'] = 'on';
+
+		// Test non-admin pages
+		set_current_screen( 'front' );
+		$url = wp_get_attachment_url( $attachment_id );
+		$this->assertSame( $url, set_url_scheme( $url, 'https' ) );
+
+		$_SERVER['HTTPS'] = $is_ssl ? 'on' : 'off';
+	}
 }