An Introduction to HTTP/2
And how it can make your website blazing fast
For a moment, imagine you are back in 1999. Connecting to the internet still made that fax machine sound and you counted the amount of time you were online in minutes instead of hours. This was the year that HTTP/1.1 was finalized.
If you have ever used the internet you have probably typed “HTTP://” before a URL at least once. HTTP stands for Hypertext Transfer Protocol, and it is the technology used for communication on the internet. Web browsers like Google Chrome and Internet Explorer use HTTP to download and display webpages on your computer.
Since 1999, almost everything about the internet has changed. Nowadays, the internet has become so ubiquitous we’ve even stopped writing it with a capital “I.” Back in 1999 cutting-edge computers had less memory than today’s cheap cellphones and 80% of the US was on dial up.[1] There were less than 10 million websites in the world (now there are over a billion) and the two most popular Internet activities – video streaming and social media – barely existed.
Back when HTTP/1.1 was developed the idea of widely used services that rely on server-side applications, push data, and streaming video was unheard of. So it only makes sense that the modern internet needs more than last century’s technology can provide.
That’s why engineers and computer scientists have spent years developing HTTP/2 – the first new version of HTTP in nearly two decades.
HTTP/2 – Creating a Faster Internet
HTTP/2 is a total reworking of the protocol that will bring tons of improvements in speed and efficiency. With such a big change, there are literally hundreds of improvements in HTTP/2. Let’s take a look at some of the biggest changes.
A major goal was to reduce latency (how long it takes for browsers and websites to talk to each other) by improving the way connections are made and maintained. This was achieved by implementing “multiplexing.” That may sound like something from Star Trek – but it’s just a fancy way of saying that connections are more flexible and can deliver multiple types of data at once. It’s sort of like comparing a single lane road with a multi-lane highway.
HTTP/2 + SSL, A Perfect Pairing
When you combine HTTP and SSL, you get HTTPS, which is the secure version of HTTP. This is true no matter what version of HTTP your website is using (Version 1.1 or 2).
Using HTTPS has always been optional. But over the last few years, the general attitude of security experts (including us!) have changed, and now it’s advised that all websites should support HTTPS because of nuanced privacy and security risks.
If you want to take advantage of HTTP/2, using SSL will be mandatory. This is because all the major browsers (Chrome, Firefox, Edge, etc.) have decided that they will only work with sites using SSL. Of course, this also means you need to use SSL certificates on your site.
Browsers don’t show you which version of HTTP you are using – they figure that’s more in-depth than most people want to know. All they show is “HTTP” or “HTTPS” – because that distinction lets you know when you are secure (browsers also show a padlock alongside HTTPS to make it more visually distinctive). But on the back-end some real magic is happening when you decide to use HTTP/2 – multiplexing, improved HTTP headers, and all that other good stuff is making your site wicked fast.
See For Yourself
We love the in-browser test of HTTP 1.1 vs HTTP 2 (with SSL) at https://www.httpvshttps.com/. On average – using HTTP 2 loaded the page more than 4x faster AND because it’s HTTPS, it did so securely.
HTTP/2 is pretty widely supported. Every modern browser supports it: Chrome, Firefox, IE 11, Opera and Chrome for Android and Safari on iOS.[2] Server-side things look equally good; the three biggest server OSes (Apache, NGINX, and IIS) support HTTP/2, and a ton of others do as well (including Node.js and F5 BIG-IP). Click here for a more complete list.
If you area network engineer or server admin and want to go really in-depth on the features of HTTP/2, check out this free chapter from High Performance Browser Networking by Google’s Ilya Grigorik.
[1] NTIA Data, https://www.ntia.doc.gov/other-publication/2016/digital-nation-data-explorer
[2] http://caniuse.com/#feat=http2
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownA Call To Let’s Encrypt: Stop Issuing “PayPal” Certificates
in Industry Lowdown