HTTP/1.1 powers the web for more than 15 years now. It has seen browsers come and go (and Mark Zuckerberg in diapers). Why do we need a new (or at least revised) protocol? For performance and capacity reasons in the first place.
HTTP/2 is so badass, it doesn’t have minor versions
Just like Chuck Norris, there’s only one version of HTTP/2. No HTTP/2.0 or HTTP/2.0.2b.
In other words, the version only indicates wire compatibility, not feature sets or “marketing”.
So, what’s new? Really?
We can read on the Github site
- is binary, instead of textual
- is fully multiplexed, instead of ordered and blocking
- can therefore use one connection for parallelism
- uses header compression to reduce overhead
- allows servers to “push” responses proactively into client caches
More speed, less errors, caching the future
Binary protocols are more efficient, more compact and less error-prone.
Multiplexing allows a client to use just one connection per origin to load a page. Server push will allow the server to push resources (images, stylesheets, scripts) to the browser it knows it will need into its cache, nifty! Header compression will save a lot of time, especially on mobile devices, by reducing the amount of requests necessary.
Great, where’s the button to switch to HTTP/2?
In most (modern) browsers you will find this setting under Settings > Internet Options > Protocols > HTTP > Versions > HTTP/2.
No seriously. We’ll have to wait for the web to update its servers and proxies. We can help of course. The list of implementations is already impressive, it’s just a matter of time.
What does it mean for Web Development/Developers
Web Developers are used to working around the shortcomings of HTTP/1.1. Concatenating scripts, spriting images and all sort of hacks to lower the amount of requests. Most of these “HTTP/1.1” techniques actually hurt performance using HTTP/2. It will be interesting to see how we will manage the transition…
What about Status201
Nothing left to complain about?
Sure there is… The biggest shortcoming in my opinion is the fact that HTTP/2 doesn’t explicitly require encryption. Apparently the Working Group had an “extensive discussion” about this, but in the end decided not to. Luckily all browsers so far only support encrypted HTTP/2 and a lot of other implementations require encryption as well. A lot of websites already switched to https because Google told them they would rank higher on search result pages. But most of the web still is just plain text over the wire. Isn’t that really, really silly, come on. I mean: come on. Can’t we at least give the NSA a really hard time..?