← Back to glossary

HTTP/2 & HTTP/3

performance Intermediate

Also Known As

HTTP/2 h2 HTTP2 protocol

TL;DR

Modern HTTP protocol versions that deliver significant performance gains via multiplexing, header compression, and (HTTP/3) UDP transport.

Explanation

HTTP/2 (2015) addresses HTTP/1.1 bottlenecks with: multiplexing (multiple requests over one TCP connection, no head-of-line blocking at the HTTP layer), header compression (HPACK), server push, and binary framing. HTTP/3 (2022) replaces TCP with QUIC (UDP-based), eliminating TCP head-of-line blocking and improving performance on lossy connections. For PHP applications, HTTP/2 is enabled at the web server/proxy layer (Nginx, Caddy, Cloudflare) — no PHP code changes required. HTTP/2 makes domain sharding and CSS/JS concatenation anti-patterns obsolete.

Common Misconception

✗ HTTP/2 makes domain sharding and resource bundling unnecessary. HTTP/2 multiplexing reduces the need for domain sharding but bundling still reduces request overhead for uncacheable resources and critical path rendering. HTTP/2 push has largely been deprecated in favour of early hints.

Why It Matters

HTTP/2 multiplexes multiple requests over a single TCP connection — eliminating the per-domain connection limit and head-of-line blocking that made HTTP/1.1 concatenation and spriting necessary.

Common Mistakes

Still bundling all JS/CSS into single files for HTTP/2 — multiplexing makes many small files efficient.
Not enabling HTTP/2 on the web server — most modern nginx/Apache versions support it with a config change.
HTTP/2 without HTTPS — browsers only support HTTP/2 over TLS.
Not using HTTP/2 server push for critical resources — eliminates a round trip for known dependencies.

Code Examples

✗ Vulnerable

# nginx — HTTP/1.1 only:
server {
    listen 443 ssl;
    # Missing: http2 directive
    # listen 443 ssl http2; — enables HTTP/2
}

✓ Fixed

# Enable HTTP/2 in nginx
server {
    listen 443 ssl http2;  # add 'http2' here
    ssl_certificate     /etc/ssl/certs/yourapp.crt;
    ssl_certificate_key /etc/ssl/private/yourapp.key;

    # HTTP/2 Server Push (push critical CSS/JS with HTML response)
    location = / {
        http2_push /css/app.css;
        http2_push /js/app.js;
        proxy_pass http://php-fpm;
    }
}

# PHP — Link header triggers server push
header('Link: </css/app.css>; rel=preload; as=style, </js/app.js>; rel=preload; as=script');

# Benefits of HTTP/2:
# - Multiplexing: multiple requests over one connection
# - Header compression (HPACK)
# - Server push
# - Binary protocol (faster to parse)

# Verify: curl -I --http2 https://yourapp.com | grep HTTP

References

Tags

Added 15 Mar 2026

Edited 22 Mar 2026

Curated in Warsaw under one editorial standard. 1,444 terms, single voice. About this reference →

Rate this term

No ratings yet

🤖 AI Guestbook educational data only

| |

Last 30 days

Agents 1

Amazonbot 6 Perplexity 3 Unknown AI 3 Google 3 SEMrush 3 Ahrefs 2 Majestic 1

Also referenced

HTTP Caching (ETags, Cache-Control) 33 Gzip / Brotli Compression 32 CDN (Content Delivery Network) 24

How they use it

crawler 19 crawler_json 1 pre-tracking 1

Related categories

performance 1.6k

⚡ DEV INTEL Tools & Severity

🟡 Medium ⚙ Fix effort: Low

⚡ Quick Fix

Upgrade to HTTP/2 in Nginx (listen 443 ssl http2) — it multiplexes requests over one connection, eliminating the need to bundle files aggressively

📦 Applies To

any web

🔗 Prerequisites

HTTP Caching (ETags, Cache-Control) Gzip / Brotli Compression SSL/TLS Certificate Types

🔍 Detection Hints

Nginx without http2 keyword on listen directive; HTTP/1.1 responses where HTTP/2 is available; domain sharding workaround no longer needed

Auto-detectable: ✓ Yes curl lighthouse webpagetest ssllabs

⚠ Related Problems

performance degradation slow response Render-Blocking Resources

🤖 AI Agent

Confidence: Medium False Positives: Low ✓ Auto-fixable Fix: Medium Context: File