HTTP/2 is a major upgrade to the HTTP standard, aimed at improving the speed and security of client-server interactions across the Internet. HTTP/2 adds several new features while maintaining backward compatibility, so browsers and servers without HTTP/2 support continue to work fine, while those that have it can take advantage of the performance enhancements.
The main focus of the HTTP/2 improvements is speed. A major limitation of HTTP/1 is that only one resource request is allowed at a time on a given connection. To minimize load times for web pages composed of dozens of images, scripts, and stylesheets (as most are), browsers generally open multiple HTTP/1 connections to a site at once so they can request resources in parallel, with significant overhead required for each connection. HTTP/2 uses multiplexed connections to transmit multiple resources over a single connection, significantly reducing the number of connections between clients and web servers.
HTTP/2 also makes extensive use of compression, which improves performance by saving bandwidth. In HTTP/2, headers are sent as compressed binary rather than as human‑readable plaintext. The considerable bandwidth savings offset the minor increase in CPU load (to compress and uncompress the headers) and the inconvenience to human users who can’t read the headers (for debugging purposes, for instance).
HTTP/2 also introduces resource prioritization to improve the user experience of page loading. Web browsers and other clients can now indicate the order in which they want to receive resources. Browsers with good HTTP/2 support can render pages significantly faster by prioritizing the resources the user needs to see first. Early testing of HTTP/2 performance has shown some pages load almost twice as fast.
While HTTP/2 did not explicitly change the security requirements for HTTP, almost all browsers that use HTTP/2 require SSL/TLS to be enabled at the website, which makes it mandatory for all intents and purposes. Because HTTP/2 uses a single, multiplexed connection per client, the cost of securing websites has dropped considerably. Instead of having to do an SSL/TLS handshake (where clients and servers verify identities and exchange encryption keys) for each of the many connections opened by a browser, just one is performed to cover the entire duration of a client session.
How Can NGINX Plus Help?
- NGINX Plus was developed for high‑performance, high‑concurrency deployments. If you’re using HTTP/2 to optimize your site for speed, you can maximize its performance with NGINX Plus.
- Speed improvements are just one part of providing a great user experience. NGINX Plus offers comprehensive monitoring so you can track how HTTP/2 support affects your users.
HTTP/2 and TLS are likely to improve your site performance and let users know that their interaction with your site is secure. Whether you’re first on your block to implement HTTP/2, or catching up to competitors, watch this conference talk for an in-depth discussion of HTTP/2’s features, advantages, and drawbacks.