Prepare for faster, safer web browsing: The next-gen HTTP/2 protocol is done

The future of the web is almost ready for prime time.

Work on HTTP/2 by the Internet Engineering Task Force HTTP Working Group is finished, according to group chair Mark Nottingham, who made the announcement on his personal blog. HTTP/2 now has to go through the final editing process before it is published and becomes an official web standard.

The announcement comes a little more than a week after Google announced that it was discontinuing SPDY in favor of HTTP/2 inside Chrome. SPDY won’t fully disappear from Chrome until early 2016, while HTTP/2 support will roll out to Google’s browser in the coming weeks.

Why this matters: Since HTTP is part of the very foundation of the web, any changes that come to the protocol are a big deal. HTTP/2 promises to make response times faster for web clients (browsers) and reduce the load on servers. But it will take time for the new standard to roll out across the web and for all the kinks to get sorted out. As Nottingham explained in a blog post from 2014, “HTTP/2 isn’t magic Web performance pixie dust; you can’t drop it in and expect your page load times to decrease by 50%.”  Once server admins get the hang of HTTP/2, however, it should boost web performance.

HTTP/2 features

The biggest change with HTTP/2 is a new feature called mutliplexing that, together with header compression, allows multiple server requests to be sent at the same time. HTTP/2 also uses fewer connections between server and client, and allows servers to push content straight to a browser.

That last bit is important since it can also improve load times. With “server push” a website could, for example, send a CSS stylesheet to the browser before it requests it—a logical move since the browser needs the CSS data to know how to lay out the page.

One thing that won’t be coming to HTTP/2, however, is mandatory SSL/TLS (HTTPS) encryption. That was the original plan back in late 2013, but it has since been scrapped. HTTP/2 will still make TLS encryption easier to implement, according to Nottingham, because the new protocol is designed to reduce the speed hits that sites usually take using HTTPS right now. But it won’t be a mandatory part of the new standard.

That said, TLS may still be sort of mandatory for sites that want to use HTTP/2. According to Nottingham, developers for Chrome and Firefox have said that the two popular browsers will only use HTTP/2 over TLS. That means site developers that don’t add TLS to an HTTP/2-enabled site won’t be able to use the new standard with two of the most popular browsers out there.

While the bulk of the work on HTTP/2 is done, the IEFT HTTP WG isn’t going anywhere. In fact, it’s already looking ahead to the possibility of an HTTP/3, as well as improving current HTTP specs with other features like HTTP message signing for improved server-to-browser authentication.

This story, "Prepare for faster, safer web browsing: The next-gen HTTP/2 protocol is done" was originally published by PCWorld.