Zscaler Blog


HTTP/2: Better, Faster, Stronger


The evolution of web communication protocols is a testament to the continuous pursuit of faster, more efficient and secure data transfer methods. Most of us have experienced days where web pages have taken ages to load. In 2012, some layer 7 enthusiasts started looking at the developer tools to understand what was causing the delay, and ended up learning that requests were getting stuck in the queue behind specific resource requests waiting to be completed. 

That’s when HTTP/2 took off like a champ, mainly focusing on performance acceleration. HTTP/2 is a major revision of the Hypertext Transfer Protocol (HTTP), which underpins the web. Officially standardized in 2015, HTTP/2 was designed to address the shortcomings of its predecessor, HTTP/1.1, by enhancing speed, security and performance.

The Journey from HTTP/1.1 to HTTP/2

The web has come a long way since HTTP/1.1, which was introduced in 1999. While it served the internet well for over a decade, the exponential growth in web traffic and the increasing complexity of web applications exposed its limitations. HTTP/2 was developed to address these challenges by making web communication faster, more efficient, and more secure.

  • Overcoming limitations: HTTP/1.1’s inefficiencies, such as head-of-line blocking, excessive latency due to uncompressed headers, and the lack of prioritization, became more apparent as websites became richer and more interactive. HTTP/2’s multiplexing, header compression, and stream prioritization features directly tackle these issues, ensuring that modern web applications can perform optimally.
  • Driving adoption: Since its standardization, HTTP/2 has seen widespread adoption, with the majority of major browsers and web servers supporting it. This rapid uptake is a testament to the significant performance benefits it offers, making it a critical protocol for the future of web communication.

 

Why HTTP/2 Is a Game-Changer for Web Communication

[Figure: Multiple TCP Connections vs. Single TCP Connection]
  • Parallel requests: HTTP/1.1 had a major limitation known as head-of-line blocking (HOL), where requests had to be processed sequentially. This created a bottleneck, especially on resource-heavy pages. HTTP/2 revolutionizes this by introducing multiplexing, allowing multiple requests and responses to be sent over a single connection simultaneously. This dramatically reduces page load times and enhances the user experience.
  • Improved resource utilization: By sending and receiving multiple requests concurrently, HTTP/2 makes better use of available bandwidth, ensuring that all resources are loaded efficiently without unnecessary delays.

 

  • Header compression: Reducing overhead for fast performance
    • HPACK compression: HTTP/2 introduces a new header compression technique called HPACK. In HTTP/1.1, headers were sent as plain text, leading to significant overhead, especially on repetitive requests. HPACK reduces the size of these headers, decreasing the amount of data that needs to be transmitted and speeding up communication.
    • Lower latency: By compressing headers, HTTP/2 reduces latency, allowing for faster data transfer and improved overall performance of web applications.

 

  • Stream prioritization: Optimizing content delivery
    • Priority levels: Not all resources on a webpage are of equal importance. HTTP/2 allows developers to assign priority levels to different streams, ensuring that critical resources (e.g., HTML, CSS, JavaScript, and above-the-fold content) are loaded first. This stream prioritization optimizes the loading experience for users, especially on complex websites.
    • Adaptive resource management: By dynamically adjusting the order of resource loading based on importance, HTTP/2 ensures that essential resources are delivered quickly, significantly improving website performance.

 

  • Server push: Preemptively sending resources
    • Proactive resource delivery: HTTP/2 introduces the concept of server push, where the server can send resources to the client before they are requested. For instance, if a client requests an HTML page, the server can push the associated CSS and JavaScript files along with it. This eliminates the need for the client to make additional requests.
    • Reduce round trips: Server push reduces the number of round trips between the client and server, further accelerating the page load process and enhancing the user experience.

 

  • Enhanced security: Building on TLS
    • Encrypted connections: While HTTP/2 does not mandate encryption, the vast majority of implementations require it. This widespread use of Transport Layer Security (TLS) ensures that the data transferred between the client and server is encrypted, protecting users from eavesdropping and man-in-the-middle attacks.
    • Stronger security protocols: HTTP/2 encourages the adoption of modern, more secure encryption protocols, further strengthening the security posture of web communications.
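
To make the HPACK header compression described above concrete, the following added example (not from the original post and not Zscaler code) encodes the same constructed request twice on one connection with a minimal encoder. It assumes no Huffman coding and no dynamic-table eviction; the header values and the names HpackEncoder and compare_sizes are illustrative.

```python
# Added example: minimal HPACK (RFC 7541) encoder; no Huffman coding, no eviction.
# Subset of the RFC 7541 Appendix A static table, with its real index numbers.
STATIC_FULL = {(":method", "GET"): 2, (":path", "/"): 4, (":scheme", "https"): 7}
STATIC_NAME = {":authority": 1, "cookie": 32, "user-agent": 58}
STATIC_LEN = 61  # dynamic-table entries are addressed from index 62 upward

def encode_int(value, prefix_bits, flags):
    """Prefix-coded integer (RFC 7541 section 5.1); flags fill the high bits."""
    limit = (1 << prefix_bits) - 1
    if value < limit:
        return bytes([flags | value])
    out, value = [flags | limit], value - limit
    while value >= 128:
        out.append((value % 128) | 0x80)
        value //= 128
    return bytes(out + [value])

def encode_str(text):  # H bit clear: raw octets, assumes ASCII input
    return encode_int(len(text), 7, 0x00) + text.encode("ascii")

class HpackEncoder:  # one instance per connection: the table is connection state
    def __init__(self):
        self.dynamic = []  # newest entry first, matching RFC index order

    def encode(self, headers):
        out = bytearray()
        for field in headers:  # field is a (name, value) tuple
            if field in STATIC_FULL:        # indexed, static table
                out += encode_int(STATIC_FULL[field], 7, 0x80)
            elif field in self.dynamic:     # indexed, dynamic table
                out += encode_int(STATIC_LEN + 1 + self.dynamic.index(field), 7, 0x80)
            else:                           # literal with incremental indexing
                name_index = STATIC_NAME.get(field[0], 0)
                out += encode_int(name_index, 6, 0x40)
                if name_index == 0:
                    out += encode_str(field[0])
                out += encode_str(field[1])
                self.dynamic.insert(0, field)
        return bytes(out)

# Constructed sample request, sent twice on the same connection.
REQUEST = [(":method", "GET"), (":scheme", "https"), (":path", "/"),
           (":authority", "app.example.com"), ("user-agent", "ExampleBrowser/1.0"),
           ("cookie", "session=constructed-sample-value")]

def compare_sizes():
    enc = HpackEncoder()
    first, second = enc.encode(REQUEST), enc.encode(REQUEST)
    plain = sum(len(n) + len(v) + 4 for n, v in REQUEST)  # "name: value\r\n"
    return plain, len(first), second.hex()
```

compare_sizes() returns the rough plain-text size, the size of the first encoded header block, and the second block in hex; the repeated request shrinks to six one-byte index references. Those references only resolve against the connection's dynamic table, so anything decoding HTTP/2 headers has to track that table from the start of the connection.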

Zscaler Supports Inspection Over HTTP/2 Without Compromising Performance

Zscaler is committed to delivering cutting-edge cloud security solutions that align with the latest advancements in web technologies. As part of our comprehensive suite of services, we fully support HTTP/2 through our proxy gateways. You can enable HTTP/2 web protocols in the organization's global settings. By leveraging the enhanced speed, security, and performance of HTTP/2, we ensure that your web applications are not only faster but also more secure against emerging threats.

How to Configure and Enforce Policies on HTTP/2 Traffic on Zscaler

A global configuration knob needs to be enabled in the backend for Zscaler customers to utilize HTTP/2 support. To do this, start by raising a provisioning ticket with the Zscaler support team. Once enabled, granular configuration checks start to appear in the SSL inspection policy pages. 

 

SSL inspection rule to enable HTTP/2

 

An additional configuration knob is provided under Administration -> Advanced Settings to handle non-browser HTTP/2 traffic. This option is disabled by default. While it remains disabled, non-browser requests for HTTP/2 connections are downgraded to HTTP/1.1 connections by the service edges. For example, if the Zscaler public service edge receives a preceding CONNECT request with a non-browser user-agent, and the request is not sent via ZCC tunnel 1.0, it will be downgraded to HTTP/1.1.

Toggle to enable HTTP/2 

 

Conclusion

HTTP/2 represents a monumental leap forward in web communication protocols. By introducing features such as multiplexing, header compression, stream prioritization, and server push, HTTP/2 addresses the key limitations of HTTP/1.1, offering faster, more efficient, and secure data transfer. As the web continues to evolve, HTTP/2 will play a critical role in enabling the next generation of web applications, ensuring that users can enjoy richer, faster, and more secure online experiences.

Innovation is one of the key values in Zscaler’s DNA. We keep track of evolving protocols like QUIC, TLS 1.3, and HTTP/2, validate their risks and advantages, and carefully design our support for these technologies.

We have seen a significant improvement in the user experience from the day we started supporting HTTP/2 negotiation through our service edges. With the Zscaler SWG support for HTTP/2, you can now be assured that the threats inside these modern communications are also monitored, so that your organization can maintain high standards of security while enjoying the performance benefits of HTTP/2.
