HTTP is the backbone of the web. Without it, nothing happens: it governs the way browsers and web servers communicate. It is thanks to this protocol that an Internet user can access content!
HTTP/3 is therefore the new standard (since summer 2022) which follows in the footsteps of HTTP/1.1 (published in 1997) and HTTP/2 (published in 2015) and which promises great improvements for the user experience, in terms of performance, reliability and security.
HTTP/3 adapts to mobile uses
We’re not telling you anything new: traffic today is mostly mobile , which was obviously not the case at the beginning of the HTTP protocol. This mobile usage often involves an unexpected network change due to our travels (for example when we switch from WiFi to cellular data, when we leave the house or office or when we travel by train).
Unfortunately, HTTP/2 has a significant limitation for mobile connections: TCP Head Of Line blocking . Let’s try to understand what is behind this barbaric name.
HTTP/2 is indeed based on the TCP transport protocol oriented “connection”: when a machine A sends data to a machine B, they must first establish a connection (TCP handshake). To do this, machine B is notified of the arrival of the data and sends an acknowledgement of receipt. Of course this reinforces the reliability of the connection, but errors are blocking: as soon as a transfer fails, all other transfers are put on hold until the error is resolved or the connection is considered to have failed and established again. So as soon as we are in a mobile situation, the change of network or the loss of packets creates errors and as long as the connection is not considered to have failed, the TCP protocol continues to send packets. This therefore generates a succession of timeouts . Result: the user experience is slowed down (we wait for 30s, nothing happens and we end up reloading the page). Conversely, HTTP/3 is based on the QUIC (Quick UDP Internet Connections) protocol, which is “non-connection” oriented: when machine A sends data to machine B, there is no prior connection establishment. Machine B is not notified of the arrival of the data and receives it without sending an acknowledgement, the flow is unidirectional. In the event that a packet is lost, where the TCP protocol “loops” until all the packets are recovered, the QUIC protocol simply requests the said packet again. The connection is no longer blocking, so there is no longer a succession of timeouts when changing networks. The connection no longer suffers from the slowdowns encountered with HTTP/2.
Now that the introductions with TCP and QUIC are made, perhaps this last method seems less secure or less reliable to you. We reassure you: QUIC natively integrates an encryption and security system.
HTTP/3 for more secure connections
The new QUIC transport protocol also natively integrates a new encryption method , equivalent to TLS1.3, called QUIC Crypto.
Encryption is therefore done directly in the transport layer, rather than in the application layer. This means that the connection is inherently always encrypted, which is a significant change! Previously, with HTTPS , the encryption layer and transport layer connections were separate. TCP connections could therefore carry encrypted or unencrypted data. QUIC now establishes encrypted connections by default at the transport layer – so application layer data will always be encrypted .
What does HTTP/3 actually bring?
Let’s talk about concrete things! What do we have to gain with HTTP/3?
As you can see, HTTP/3 speeds up web browsing while improving security. But to what extent?
Request metrics performed tests to estimate the performance gains from HTTP/3.
In order to get as close as possible to real-world use, the test consisted of three scenarios:
- a small site,
- a site rich in content (lots of images and some JS)
- and a SPA (heavy in JS).
Result, HTTP/3 is:
- 200ms faster for small site
- 325ms faster for content site
- 300 ms faster for a SPA
Although these tests would benefit from being more in-depth, they nevertheless provide an initial idea of the gains made by this new protocol.
So you can imagine that, web performance aficionados like us, we’re not going to stop there. We’ll tell you (a lot) more soon.
Until then, remember that HTTP/3 is another step towards a more powerful and secure web. And… stay tuned!
In the meantime, find out how to optimize your site’s performance easily and quickly: