What is HTTP/2?

HTTP/2 is a major revision of the Hyper Text Transfer Protocol, a standard that controls the connection between your browser and a server. The last version of HTTP (1.1) was released in 1997 when the web was very basic, as you imagine it needed a refresh. HTTP/2 assures improved websites and apps for all, offering improved performance, speed and usability.

HTTP/2 was based on Google’s SPDY, a protocol to modify the way HTTP requests are handled.

Benefits of HTTP/2

HTTP/2 has brought numerous benefits, in this article, we’ll cover a few of them including the hows, whys and implementation. These benefits don’t just apply to websites, mobile apps will often require resources from servers.

Multiplexed Requests over a Single TCP Connection

One of the main problems the original version faces today, is loading multiple, large resources often required for modern websites. A resource could be anything from an image, stylesheets, script or font files.

In order to download these resources, browsers create connections to the server hosting the files. With HTTP 1.1, browsers are limited to a low number of connections at any one time and are limited to downloading one resource per connection. This results in a large amount of time to load all resources required for the size.

HTTP/2 tackles this problem by allowing multiple resource requests per connection, drastically reducing the time it takes to obtain all of the resources.

Compressed Headers

Requests bloated with metadata and cookies can have a significant impact on performance. HPACK is a solution built for HTTP/2 to resolve this issue. It is a header compression format, which reduces header size in a more efficient and secure way than other solutions such as GZip.

HTTP/2 is Binary

HTTP/2 is a binary protocol. This means it’s better at parsing data, more compact during transit, and most importantly, is less error-prone when compared to textual protocols such as HTTP 1.x.

Server Push

With HTTP 1.x a website will issue requests for resources, however with HTTP/2, a new technology called Server Push will allow a server to speculate and deliver content before the browser actually sends a request for it, which can hugely improve performance and speed.

Source: https://blog.cloudflare.com/announcing-support-for-http-2-server-push-2/

As the browser requests page.html, the server can intercept the browser’s requests for style.css and image.png and automatically sends them, ultimately saving time.

Improved Security

HTTP/2 improves security by requiring a SSL/TLS profile to be used, leading most traffic to be encrypted. TLS or it’s predecessor SSL, is a security encryption layer used to protect sensitive information whilst in transit. While HTTP/2 can be run without SSL/TLS, it is not the default behaviour.

Should I Implement HTTP/2?

If you’re considering switching over to HTTP/2, we recommend to cross check your user’s browsing habits against HTTP/2 support. Using a tool like Google Analytics, you can track your users browser and version. If the majority of visitors are using a supportive browser, it will definitely be worth the upgrade.

It’s also worth noting that HTTP/2 is also backwards compatible with HTTP 1.x. For visitors without support for the new protocol, everything will work just like before. Some sites such as Gmail, have been using HTTP/2 (and previously SPDY) for a while now, if you use Gmail’s web interface, you’ll have experienced it without even noticing.

If you’d like us to help get you set up with HTTP/2, get in touch, we’ve got several security and server experts who will be more than happy to help.

Conclusion

The HTTP/2 spec has been finalised and formally approved in 2015. Many service providers have already started to implement the standard, it’s something that should be on your radar too.

This is a new age for the internet, taking web speed and efficiency to a whole new level, using exciting ways of transporting data between the browser and servers.

If you’ve already upgraded your servers to support HTTP/2, have you benchmarked the results? Have you noticed improvements to real-life uses of your websites? We’d love to hear your experiences and answer any questions you may have.

Further Reading and Sources

• http://www.theguardian.com/technology/2015/feb/18/http2-speed-up-web-browsing-desktop-mobile
• https://en.wikipedia.org/wiki/HTTP/2
• http://caniuse.com/#search=http2
• http://royal.pingdom.com/2015/06/11/http2-new-protocol/
• https://ma.ttias.be/architecting-websites-http2-era/

Jordi Giménez

Jordi has worked as a project manager, developer and security analyst in web, iOS and Android. He’s worked for companies big and the small in government, banking, insurance, healthcare and IT.