Http/2 – origin story
HTTP/2 came into our lives in 2015, following in the footsteps of Google’s SPDY. It gave us the much-needed reduction in page load times along with a whole bunch of new features like multiplexing, header compression, and server push — just to name a few of the benefits.
Not only has HTTP/2’s new compression format proved to be resilient against header compression attacks such as CRIME (which stands for “compression ratio info-leak made easy”), but as a binary protocol, it automatically safeguards us against attacks inherent with text-based protocols. The best part? All major client browsers and servers extend support to HTTP/2, and W3Techs reports that 40.7% of websites are using the protocol as of August 2019.
Benefits of Using HTTP/2
- Multiplexing allows multiple resources to be sent over a single connection, which eliminates the need for optimization hacks to work around the six connections per host rule.
- Stream prioritization allows for higher priority resources to get delivered to the client first.
- Header compression using HPACK reduces redundancy and performance overheads.
- Performance benefits are evident for mobile users
- Since it’s a binary protocol, HTTP/2 is easier to parse and provides additional security benefits over text-based protocols.
- The server push feature intuitively sends resources to the clients before they have a chance to request them, avoiding further round trips. The client can deny the pushed resources.
HTTP/2 is compatible with almost all major browsers. It’s also backward compatible with previous versions of the protocol such as HTTP/1.1. The standardization effort of HTTP/2 was supported by most major client browsers, including Chrome and Firefox, but only over a secure connection (HTTPS with HTTP/2). By the end of 2015, most major browsers had added HTTP/2 support. For enabling HTTP/2, it’s crucial to get an SSL/TLS certificate to make every page on the website use HTTPS.
Purchase an SSL Certificate from CheapSSLSecurity & Save Up to 88%!
We offer the best discount on x.509 digital certificates with SSL certificates starting as low as $5.45 per year.
Enable HTTP/2 for Web Servers
Now you know the benefits of HTTP2 over its predecessors. So, let’s look at how to enable HTTP2 on web servers. Since it is supported only over HTTPS, as a prerequisite your server should be configured to use HTTPS. TLS 1.2 or higher with modern cipher suites is also required to enable HTTP/2 on the server. Listed below are some of the standard web servers along with the version numbers that support HTTP/2:
- Apache version 2.4.17 or higher has inbuilt HTTP/2 support.
- HTTP/2 was not supported before IIS version 10.0, but higher versions of Windows Server 2016 support HTTP/2.
- Nginx Open Source version 1.9.5 or higher has inbuilt support for HTTP/2. Nginx Plus R7 and all higher versions have full support for HTTP/2.
Is HTTP/2 Enabled for the Website?
HTTP/2 integration has been done seamlessly to the extent that one might not even be aware of using websites being served over HTTP/2. A quick and easy way to check this is by using addons. On Firefox, we have HTTP/2 Indicator by Cheng Sun and Brandon Siegel, and HTTP/2 and SPDY indicator being offered by someone with the username “rauchg” on Google Chrome.
The other way to ingrate HTTP/2 doesn’t require addons.
- In Firefox, go to the Web Developer section of the menu and select the Network tab. From the Developer tools window that opens, reload the page. Select any resource, and under the Header tab in the right pane, you should be able to see the specific version information.
- In Google Chrome, go to Developer Tools (Ctrl+Shift+I) and right-click on any of the tabs that appear such as name, status, type, size, etc. From the dropdown menu, check the protocol option and you should be able to see the protocol version against each resource being requested. You can also select each resource to view their header information.