What is HTTP/2?
HTTP/2 is the latest version of the Hypertext Transfer Protocol, the internet information transfer protocol, and is the next version of the HTTP/1.1 protocol. As a protocol it does not change the commands or methods of the original HTTP protocol but sets new procedures for the communication, the connection and the transfer of the information between the client and the server and how that data will be formatted to be transported.
Started as an experimental idea named SPDY by Google and then finalized in 2015 by the Hypertext Transfer Protocol Working Group. HTTP/2 is HTTP/1.1 compatible if a client or a server does not support it properly.
The HTTP protocol update, HTTP/2, is the present and the future of the fast internet connections, offering many improvements in the connection speed of a website.
Advantages of HTTP/2
The connection's speed
The most important advantage of HTTP/2's is its connection speed for data transfer. Instead of many links to the server, only one TCP connection is created which remains open for the entire time that the application/website is still open. Through this one connection, it transfers all the information that will be needed, using multiplexing. So the loading speed of the websites that support it becomes much faster.
The technique of multiplexing has long been known in the field of networks, but because of the nature of the HTTP 1.x protocol (text protocol) it was not possible to apply to HTTP connections. The HTTP/2 protocol is a binary protocol and allows the guaranteed information transmission by multiplexing. On a practical level, the concept of multiplexing refers to the possibility of separating a physical channel (a TCP connection in our case) into multiple multiplexed channels.
The client now exchanges information with the server through multiple (logical) channels, which significantly decreases response time.
- HTTP/2 Server Push and Flow Control
In HTTP/2 connections, the server has the ability to PUSH the resources of a web page to the client without waiting for the client to request them. With HTTP 1.x, the browser initially downloads the DOM of the webpage, including all references to the objects that make up the website. As soon as the DOM is downloaded, it is analyzed by the browser and begins the request of the items from the server.
With HTTP/2, the server begins to send the resources referenced to the DOM itself, without waiting for the browser to analyze the DOM and send a request for each of the resources. This way, when the browser manages to analyze the DOM, some of the website's resources may have already been downloaded and the waiting time is getting shorter.
The client has the ability to tell the server how much data needs and can manage for a task using Flow Control, such as when streaming a video. A client may at any time increase or decrease this limit by updating the server accordingly.
- More security of the connections
Although encryption of HTTP/2 connections is unnecessary, browsers supporting it have defined a condition that to accomplish such a connection the website should have installed and enabled a security certificate for encrypting its data. Thus, as an "indirect" result, all HTTP/2 connections are encrypted (over TLS) offering more security to the users.
- More mobile-friendly
As we said, HTTP/2 supports a TCP connection per client, so mobile devices with low processing power take advantage of this as they do not need to keep and manage data from multiple connections. Also, by reducing the size of packets that are transferred via HTTP/2, webpages load faster on slow connections like 3G.
- Better SEO performance
A website that supports HTTP/2 will not appear directly higher in search results but indirectly will earn "favor" from search engines for its download speed. Google has added HTTP/2 support to it's search engine crawler from the very first days of the new protocol.
- HTTP headers compression
Each HTTP transfer carries a set of headers describing the transferred data and its properties. In HTTP/1.1, this header information is always sent as plain text that adds some bytes and sometimes kilobytes (if cookies are used) per transfer.
To reduce this data and improve performance, HTTP/2 reduces the size of the packets that are being moved by compressing their headers. This feature is especially important for TCP connections, when the TCP protocol attempts to restore a new connection it allows very small packet sizes to make the communication faster. Compression is done with two simple techniques:
Codes the headers fields through a static Huffman code, which reduces their size.
It requires that the client and the server keep and update a list of the header fields they have previously received. So HTTP/2 sends only the header information that has been changed without repeating the data already notified to the other side.
Inevitably an HTTP header that's on average 1KB in size, can break into many smaller data packets. By compressing the headers, the number of packets scattered across the network are fewer and hence the connection is faster.
- Hierarchy of the downloaded data
Data transfer requests take a significance level so that the server knows which packages are most needed from the client and sends them earlier than other information packets.
Disadvantages of HTTP/2
- Its compatibility with HTTP/1.1
Since HTTP/2 had to keep the compatibility with its predecessor, it was not possible to implement several improvements that many IT practitioners expected.
- It is not necessary to encrypt the data
The HTTP/2 protocol does not define encryption of data as a built-in functionality, and leaves it to the choice of the application. Browsers may consider encryption of data necessary to achieve an HTTP/2 connection but it is actually optional.
- The security of cookies
One of the biggest HTTP/1.1 security flaws is the cookies that contain user data. Using this data, the server can recognize the user and keep the session open. Cookies may be stolen or spoiled by hackers to access websites containing the user's personal data, even without passwords. In the HTTP/2 protocol there was not an attempt to improve this mechanism.
All known and widespread browsers, such as Chrome 41+, Firefox 36+, Safari 11+, and Edge 12+, support the new HTTP/2 protocol. However, as mentioned above only for connections that are implemented over TLS using a security certificate.
Web Servers support
The three most-known web servers, Apache 2.4+, Nginx 1.9.5+ and Microsoft IIS 10+, support the new HTTP/2 protocol with only condition the activation of the feature by the system administrator.
IP.GR provides a free SSL security certificate in all hosting packages, as well as free HTTP/2 connections (using https). All tools are therefore provided so that each website can securely traffic its data on the Internet and make the most of these technologies and improve its performance significantly compared to other older types of infrastructure and technologies.