HTTP/2 Protocol Overview

What is HTTP?

HTTP (Hypertext Transfer Protocol) is a set of standards that enables HTTP clients (browsers and mobile apps) to communicate with web servers. HTTP is an application layer protocol that runs on top of other layers such as TCP/IP. HTTP is used to retrieve resources from servers, such as HTML documents, images, JavaScript, and CSS files, and to submit web forms and PDF files to the server.

What is HTTP/2?

HTTP/2 (originally named HTTP/2.0) is a new version of the HTTP protocol. It was based on SPDY, an earlier experimental protocol developed by Google to improve the web experience by making pages load faster and reducing round-trip time (RTT), especially on resource-intensive web pages. The Internet Engineering Task Force (IETF) developed a second version of the protocol in the form of HTTP/2 in early 2015.

What is SPDY?

SPDY is an experimental protocol developed by Google to increase the speed and efficiency of content delivery. SPDY improves network performance, reduces page load latency, and improves network security through compression, multiplexing, and prioritization (dependent on network and website settings).

What's the relationship between SPDY and HTTP/2?

In 2010, Google released the SPDY protocol to improve the handling of HTTP requests and responses. SPDY focused on reducing latency through TCP pipelining and forced data compression. Initially, HTTP/2 was being developed independently of SPDY. However, when it became apparent that SPDY was gaining traction with developers (such as Mozilla and Nginx) and that it showed significant improvements over the older version of the HTTP protocol, it was decided to use SPDY as the basis for HTTP/2.

In February 2015, following the release of the HTTP/2 protocol, Google announced that it would drop SPDY support in favor of HTTP/2.

What is the difference between HTTP/1.x and HTTP/2?

HTTP/2 has been improved over HTTP/1.x in several ways to improve content delivery and user experience:

  • Binary protocol – the binary protocol consumes less bandwidth, can be parsed more efficiently, and is less error-prone than the text-based protocol used by HTTP/1.x. It handles things like spaces, capital letters, and line endings better, and it is more compact. For example, textual HTTP/1.1 defines four different ways to parse a message, whereas binary HTTP/2 defines only one.
  • Multiplexing – HTTP/2 can initiate multiple requests in parallel over a single TCP/IP connection. As a result, web pages containing multiple elements can be transferred faster over a single TCP/IP connection. HTTP/2 multiplexing also solves the "head-of-line blocking" problem in HTTP/1.1. Head-of-line blocking occurs when a packet at the front of the queue blocks the transmission of the packets behind it, so that only one request is actually processed on the connection at a time. Pipelining was an attempt to solve head-of-line blocking, but it did not resolve the problem completely because a large or slow packet could still block the packets behind it. With HTTP/2 multiplexing, you can send multiple HTTP messages at the same time over a single TCP/IP connection and even interleave parts of one HTTP message with another, allowing the browser to use only one connection per origin to load the page.
  • Header compression – HTTP/2 can compress headers and reduce the overhead caused by TCP's Slow Start mechanism, which limits the number of packets sent during the first few round trips. Header compression allows requests to hit the network in a single pass and sometimes in a single packet. The overhead caused by large headers can be significant, especially for mobile clients that typically see round-trip latency of several hundred milliseconds even in good conditions.
  • Server push – HTTP/2 servers can put resources into the browser cache before the browser requests them. This can significantly speed up page rendering since there is no need to wait for the browser to download and parse the HTML page to find all the resources on that page (images, JavaScript, and CSS files) and request each one. By the time the browser requests these files, they will already be in the browser cache.
  • Increased security – browsers only work with HTTP/2 over encrypted connections and do not work with unsecured ones. This increases the security of users and web applications in general.

What are the similarities between HTTP/1.x and HTTP/2?

The basic semantics of HTTP, including HTTP status codes, URIs, methods, and header fields, remain unchanged in HTTP/2. The main differences lie in the mechanisms for handling client/server requests.

HTTP/1.x                                        HTTP/2
----------------------------------------------  ----------------------------------
SSL not required but recommended                SSL not required but recommended
Slow encryption                                 Fast encryption
One client-server request per TCP connection    Multi-host multiplexing
No header compression                           Header compression
No stream prioritization                        Stream prioritization

Is encryption required in HTTP/2?

HTTPS is used to encrypt sensitive data for transmission over the Internet. The HTTP/2 standards do not require encryption and can work with both HTTP (no encryption) and HTTPS (TLS encryption) URIs. However, major browsers, including Chrome, Firefox, Safari, and Edge, have stated that they will work with HTTP/2 only over secure TLS channels. This makes encryption de facto mandatory. Encryption in HTTP/2 requires fewer TLS handshakes, consumes fewer resources on both the client and server sides, and improves the reuse of existing network sessions.

Why HPACK in HTTP/2?

Early versions of HTTP/2 used zlib to compress HTTP headers. However, in the summer of 2012, an attack on TLS compression was published that could lead to session hijacking. As a result, zlib was replaced by HPACK, which was designed specifically to address the identified security issues while still providing good compression.
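
Why general-purpose compression of headers was a problem can be measured directly. This is an added example, not code from the original page: the cookie value, host name, and paths are constructed, and `field_indexed_size` is a simplified model of HPACK-style whole-field indexing, not the real HPACK wire encoding.

```python
import zlib

# Constructed secret and two attacker-influenced paths of equal length.
SECRET = "sessionid=7f3a9c1e5b2d4086a1c3e9f7b5d20486"
MATCH = "/?q=" + SECRET
MISS = "/?q=sessionid=c4e1a07d93b6f258d0a7b3c5e9f1264a"

def zlib_size(path):
    """Size of a header block compressed as one stream, as early HTTP/2 drafts did."""
    block = "GET %s HTTP/1.1\r\nhost: example.test\r\ncookie: %s\r\n\r\n" % (path, SECRET)
    return len(zlib.compress(block.encode(), 9))

def field_indexed_size(fields, table):
    """Model: a field costs 1 byte only if the whole (name, value) pair is
    already in the table; otherwise it is sent as a literal and remembered."""
    size = 0
    for field in fields:
        if field in table:
            size += 1
        else:
            size += 2 + len(field[0]) + len(field[1])
            table.add(field)
    return size

def indexed_size(path):
    """Same request under the model, with the cookie already indexed on this connection."""
    table = {("cookie", SECRET)}
    return field_indexed_size([(":path", path), ("cookie", SECRET)], table)

def size_gap():
    """(zlib gap, indexed gap) between a path that misses and one that matches the secret."""
    return zlib_size(MISS) - zlib_size(MATCH), indexed_size(MISS) - indexed_size(MATCH)
```

With stream compression the ciphertext length shrinks when attacker-influenced data overlaps the secret, and length is visible through TLS. Matching only whole header fields removes that partial-match signal, which is the design choice HPACK makes.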

What are the benefits of migrating to HTTP/2?

The enhancements in HTTP/2 aim to improve the efficiency of client-server operations and to ensure a stable, high-performance connection. The updated HTTP/2 networking engine provides the following benefits.

  • Improved performance for web applications
    The ability of the HTTP/2 protocol to send and receive more data in a single client-server transaction gives a good performance advantage.
  • Better user experience for mobile users
    Header compression and multiplexing reduce latency when accessing Internet services over mobile networks and improve the user experience for mobile users.
  • Cheaper Internet
    HTTP/2 reduces the amount of data transferred over the network, providing improved communication mechanisms. This reduces the cost of using the Internet.
  • Media rich experience
    HTTP/2 features such as header compression can reduce the actual size of the transmitted data without losing quality. This reduces the overhead of transferring resource-intensive multimedia content between the client and the servers, lowering the cost and speeding up resource loading.
  • Enhanced security
    Using the HPACK compression algorithm instead of zlib, and a binary protocol instead of the text-based protocol of HTTP/1.x, allows HTTP/2 to avoid most common security threats.

Conclusion

HTTP/2 is a major update to the HTTP protocol that brought multiplexing, header compression, a binary format, server push, and resource prioritization. This results in improved performance of web and mobile applications, increased security, and lower Internet costs. Therefore, the transition to HTTP/2 is a natural process.