in Review, Uncategorized

All you need to know about HTTP/2

HTTP/2 is the largest change in Hyper text transfer protocol after almost 16 years. Being a major version upgrade from HTTP/1.1, there has been a lot of discussion around it.

HTTP/2 is a binary protocol highly inspired from Google’s SPDY, It brings improvements over older version of HTTP in terms of security(by proposing an explicit TLS profile) , speed and simplicity. HTTP/2 can be used both on TLS and TCP More details, but most browsers only support it over TLS.

Major additions in HTTP/2

Header compression

With large number of requests originating from clients, redundant headers can waste bandwidth and increase latency. SPDY addressed this issue by using gzip header compression. Although HTTP/2 is highly inspired from SPDY, it uses a different compression scheme HPACK primarily because of vulnerabilities in the deflate scheme(CRIME).

Server Push

Server can preemptively push data to client in response to a previously created connection by client. This allows server to push data when it knows that further information will be required by the client.

This is particularly helpful in case when a client requests a document with embedded images and links, server can send a PUSH_PROMISE and then send all the data corresponding to the embedded resources. The PUSH_PROMISE makes sure that the client knows about the data that will be pushed by the server, avoiding any race conditions.

Request Multiplexing

Http/1.0 only allowed one outbound request at a time per TCP connection. HTTP/1.1 tried to solve this by adding pipelining, but the root problem still remained. HTTP/2 allows multiple request on a single TCP connection, responses for these request may be out-of-order. What this means is when traditionally clients would open 4-8 connections for parallelism HTTP/2 can virtually achieve the same parallelism on a single TCP connection.

Stream dependencies

Stream is an independent , bidirectional sequence of frames exchanged b/w client and server. A single HTTP/2 connection can have multiple concurrent open streams. Dependencies b/w streams can be used to prioritize resources among them. Dependant streams can be given weights which in turn decides the resource allocation strategy.


  1. Browser support
    Most browsers in their latest version now support HTTP/2 over TLS.Safari and IE support is also dependant on OS versions. For up to date info checkout the compatibility here.
  2. Server Changes
    Most common providers like cloudflare and akamai already haved moved all of their servers to h2. It requires pretty small changes to get started with h2 if you are on nginx or apache. For Nginx you just need to change configuration to add http2 , ssl and port 443. For apache you should be able to get up and running by installing mod_http2.


Further Reading

  1. HTTP2 RFC
  3. Github page

Write a Comment