What is HTTP/2?
HTTP/2 is a further development of the HTTP/1.1 internet protocol. While the basic concept has remained the same, HTTP/2 reduces the time it takes to load websites as well as the protocol overhead. It offers webmasters the ability to prioritize requests and enables “server push”.
Reading Time: .
- Definition of what HTTP/2 is ➔
- How does HTTP/2 work? ➔
- What are the advantages of HTTP/2? ➔
- Criticism of HTTP/2 ➔
- Which browsers and systems support HTTP/2? ➔
- HTTP/2 testing: Which websites support the protocol? ➔
- What should companies consider when switching to HTTP/2? ➔
- What advantages does the upcoming successor protocol HTTP/3 promise? ➔
- HTTP/2: What you need to know ➔
Definition of what HTTP/2 is
In 2009 developers at Google started working on a follow-up protocol to HTTP/1.1, which they called SPDY (Speedy Protocol). Their primary goal was to reduce website load times by gradually overcoming the limitations of the original protocol.
By 2012, SPDY was already supported by a large number of browsers, and it was on its way to becoming the new standard.
At this point, the HTTP Working Group reacted to the development and initiated the development of the HTTP/2 standard. This protocol was largely based on SPDY.Today HTTP/2 is the new standard.
The multiplex method allows HTTP/2 to combine multiple requests. In addition, the data packets of the components of a website are sent in the order of their priority. This allows the website to be loaded faster. The header is also highly compressed compared to its HTTP/1.1 predecessor. It is able to achieve such compression by dispensing with unnecessary information. In addition, HTTP/2 uses binary code for communication instead of the text files that were used by HTTP/1.1. This makes the protocol easier to use and less prone to errors.
How does HTTP/2 work?
HTTP/2 makes web pages load faster and more efficiently by streamlining communication between the browser and server. A website is accessed using the HTTP/2 protocol as follows:
- The browser requests a TCP connection.
- The server establishes the TCP connection.
- The browser requests the index HTML file for the website.
What are the advantages of HTTP/2?
HTTP/2 offers numerous advantages over not just HTTP/1, but also SPDY.
HTTP/2 reduces the time it takes to load websites thanks to the adoption of the following measures:
Permanent TCP connection:
HTTP/2 natively supports Transport Layer Security (TLS). This allows for secure data transmission via HTTP/2. Encryption is not required in order for webmasters to use HTTP/2, but most browsers only support HTTP/2 with a secure connection.
Criticism of HTTP/2
HTTP/2 brings the HTTP Internet protocol into the 21st century and allows webmasters to provide quicker access to their websites. However, this does not mean that HTTP/2 has escaped criticism.
One point of criticism is the fact that the HTTP Working Group decided against requiring encryption. HTTP/2 supports TLS, but it is not mandatory to use encrypted data transmission. Nevertheless, some implementations have announced that they will only support HTTP/2 over an encrypted connection. There is currently no browser that supports HTTP/2 over an unencrypted connection.
In addition, HTTP/2 can also be abused for purposes of perpetrating Denial-of-Service attacks. A single client can disable a server by sending requests to it but not accepting the responses that it sends. Security researchers from Netflix publicly announced this security exploit in August 2019.
Which browsers and systems support HTTP/2?
All browsers now support HTTP/2 for both desktop and mobile devices. The only exception is Opera Mini, the mobile version of the Opera browser.
HTTP/2 testing: Which websites support the protocol?
Many major websites are already using HTTP/2, including Facebook, Google, and YouTube. In 2018, 48 percent of the top 100 sites (based on a ranking conducted by Similarweb) supported HTTP/2. The level of support was 44 percent for the top 200 websites and 42 percent for the top 300. This was an increase compared to 2016: at that time only [?] percent of the top 100 websites supported HTTP/2.
Using the developer tools built into the browser, users and web developers can test whether a website supports HTTP/2. For example, you can find instructions for Chrome here.
What should companies consider when switching to HTTP/2?
Companies migrating to HTTP/2 should switch to HTTPS at the same time. That is because many browsers only support HTTP/2 in combination with secure encryption. In addition, HTTPS has now become a factor that affects how the Google algorithm ranks a website, so it is also worthwhile to switch to HTTPS in order to improve a website’s search engine optimization.
What advantages does the upcoming successor protocol HTTP/3 promise?
HTTP/2 is far from being universally adopted across the internet. Nevertheless, the Internet Engineering Task Force (IETF) is already at work on its successor, HTTP/3. It uses the new Quic transport protocol, and thus utilizes a completely new technology compared to HTTP/1.1 and HTTP/2. HTTP/3 promises even faster loading times for websites. However, it will still take a few years before the brand new protocol is standardized and made generally available.
HTTP/2: What you need to know
HTTP/2 offers many advantages for users and website operators alike. The most important of these is likely to be the massively reduced loading times, which has a positive effect on usability, conversion rate, and, as a secondary factor, search engine optimization. Companies migrating from HTTP/1.1 to HTTP/2 should switch to HTTPS at the same time. When choosing digital service providers, it is also important to ensure that the provider’s services also support the HTTP/2 protocol.
The Myra DDoS Protection solution for protecting digital infrastructures is already optimized for the use of HTTP/2, and it can also be reliably used to process encrypted HTTPS traffic.
If you are interested in futher informations, we are willing to send you our product sheet for free
How Myra DDoS Protection can reliably secure your website or web application against all DDoS attack vectors:
- How is the protection activated in case of attack?
- What are the advantages of Myra protection solution?
- What are the features of Myra DDoS Protection for web applications??