An Introduction to HTTP/2
And how it can make your website blazing fast
For a moment, imagine you are back in 1999. Connecting to the internet still made that fax machine sound and you counted the amount of time you were online in minutes instead of hours. This was the year that HTTP/1.1 was finalized.
If you have ever used the internet you have probably typed “HTTP://” before a URL at least once. HTTP stands for Hypertext Transfer Protocol, and it is the technology used for communication on the internet. Web browsers like Google Chrome and Internet Explorer use HTTP to download and display webpages on your computer.
Since 1999, almost everything about the internet has changed. Nowadays, the internet has become so ubiquitous we’ve even stopped writing it with a capital “I.” Back in 1999 cutting-edge computers had less memory than today’s cheap cellphones and 80% of the US was on dial up. There were less than 10 million websites in the world (now there are over a billion) and the two most popular Internet activities – video streaming and social media – barely existed.
Back when HTTP/1.1 was developed the idea of widely used services that rely on server-side applications, push data, and streaming video was unheard of. So it only makes sense that the modern internet needs more than last century’s technology can provide.
That’s why engineers and computer scientists have spent years developing HTTP/2 – the first new version of HTTP in nearly two decades.
HTTP/2 – Creating a Faster Internet
HTTP/2 is a total reworking of the protocol that will bring tons of improvements in speed and efficiency. With such a big change, there are literally hundreds of improvements in HTTP/2. Let’s take a look at some of the biggest changes.
A major goal was to reduce latency (how long it takes for browsers and websites to talk to each other) by improving the way connections are made and maintained. This was achieved by implementing “multiplexing.” That may sound like something from Star Trek – but it’s just a fancy way of saying that connections are more flexible and can deliver multiple types of data at once. It’s sort of like comparing a single lane road with a multi-lane highway.
HTTP/2 + SSL, A Perfect Pairing
When you combine HTTP and SSL, you get HTTPS, which is the secure version of HTTP. This is true no matter what version of HTTP your website is using (Version 1.1 or 2).
Using HTTPS has always been optional. But over the last few years, the general attitude of security experts (including us!) have changed, and now it’s advised that all websites should support HTTPS because of nuanced privacy and security risks.
If you want to take advantage of HTTP/2, using SSL will be mandatory. This is because all the major browsers (Chrome, Firefox, Edge, etc.) have decided that they will only work with sites using SSL. Of course, this also means you need to use SSL certificates on your site.
Browsers don’t show you which version of HTTP you are using – they figure that’s more in-depth than most people want to know. All they show is “HTTP” or “HTTPS” – because that distinction lets you know when you are secure (browsers also show a padlock alongside HTTPS to make it more visually distinctive). But on the back-end some real magic is happening when you decide to use HTTP/2 – multiplexing, improved HTTP headers, and all that other good stuff is making your site wicked fast.
See For Yourself
We love the in-browser test of HTTP 1.1 vs HTTP 2 (with SSL) at https://www.httpvshttps.com/. On average – using HTTP 2 loaded the page more than 4x faster AND because it’s HTTPS, it did so securely.
HTTP/2 is pretty widely supported. Every modern browser supports it: Chrome, Firefox, IE 11, Opera and Chrome for Android and Safari on iOS. Server-side things look equally good; the three biggest server OSes (Apache, NGINX, and IIS) support HTTP/2, and a ton of others do as well (including Node.js and F5 BIG-IP). Click here for a more complete list.
If you area network engineer or server admin and want to go really in-depth on the features of HTTP/2, check out this free chapter from High Performance Browser Networking by Google’s Ilya Grigorik.
 NTIA Data, https://www.ntia.doc.gov/other-publication/2016/digital-nation-data-explorer
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018in Hashing Out Cyber Security
How to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chromein Everything Encryption
Re-Hashed: How to Fix SSL Connection Errors on Android Phonesin Everything Encryption
Cloud Security: 5 Serious Emerging Cloud Computing Threats to Avoidin ssl certificates
This is what happens when your SSL certificate expiresin Everything Encryption
Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Messagein Hashing Out Cyber Security
Report it Right: AMCA got hacked – Not Quest and LabCorpin Hashing Out Cyber Security
Re-Hashed: How to clear HSTS settings in Chrome and Firefoxin Everything Encryption
Re-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithmsin Everything Encryption
The Difference Between Root Certificates and Intermediate Certificatesin Everything Encryption
The difference between Encryption, Hashing and Saltingin Everything Encryption
Re-Hashed: How To Disable Firefox Insecure Password Warningsin Hashing Out Cyber Security
Cipher Suites: Ciphers, Algorithms and Negotiating Security Settingsin Everything Encryption
The Ultimate Hacker Movies List for December 2020in Hashing Out Cyber Security Monthly Digest
Anatomy of a Scam: Work from home for Amazonin Hashing Out Cyber Security
The Top 9 Cyber Security Threats That Will Ruin Your Dayin Hashing Out Cyber Security
How strong is 256-bit Encryption?in Everything Encryption
Re-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3in Everything Encryption
How to View SSL Certificate Details in Chrome 56in Industry Lowdown
PayPal Phishing Certificates Far More Prevalent Than Previously Thoughtin Industry Lowdown