Skip to main content

Evolution of HTTP

HTTP Evolution HTTP (Hypertext Transfer Protocol) has evolved significantly over the past three decades:
  • 1996: HTTP/1.0 introduced
  • 1997: HTTP/1.1 released (still widely used)
  • 2015: HTTP/2 standardized
  • 2019: HTTP/3 finalized
With each iteration, the protocol has evolved with new features and optimizations to handle the growing demands of the modern web.

HTTP/1.x

HTTP/1.0 and HTTP/1.1 Features

HTTP/1 introduced fundamental features that shaped the web:
1

Persistent Connections (HTTP/1.1)

Reuse TCP connections for multiple requests instead of opening a new connection for each request.
Connection: keep-alive
Keep-Alive: timeout=5, max=100
Benefits:
  • Reduced latency
  • Lower CPU and memory usage
  • Fewer TCP handshakes
2

Pipelining (HTTP/1.1)

Send multiple requests without waiting for responses (though rarely implemented).
Client sends:
Request 1 →
Request 2 →
Request 3 →

Server responds:
← Response 1
← Response 2
← Response 3
Limitation: Head-of-line blocking
3

Headers

Metadata for requests and responses providing context and control.
GET /api/users HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0
Accept: application/json
Authorization: Bearer token123
4

Methods

Standard HTTP methods for different operations:
  • GET, POST, PUT, DELETE, PATCH
  • HEAD, OPTIONS, TRACE, CONNECT

HTTP/1.x Limitations

Despite being over 25 years old, HTTP/1.1 is still widely used, but it has significant performance limitations for modern web applications.
Key Problems:
  • Head-of-Line Blocking: Requests must complete in order
  • Multiple Connections: Browsers open 6-8 connections per domain
  • Uncompressed Headers: Repeated header data wastes bandwidth
  • No Server Push: Server can’t proactively send resources
  • Text-Based Protocol: Less efficient parsing

HTTP/1.1 Request Example

GET /api/users/123 HTTP/1.1
Host: api.example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Accept: application/json
Accept-Encoding: gzip, deflate
Connection: keep-alive
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

HTTP/2

Why HTTP/2 is Faster HTTP/2 brought revolutionary improvements while maintaining backward compatibility with HTTP/1.1.

Key Features of HTTP/2

1

Binary Framing Layer

HTTP/2 encodes messages into binary format instead of text.
HTTP/1.1: Plain text
GET /index.html HTTP/1.1\r\nHost: example.com\r\n...

HTTP/2: Binary frames
[HEADERS Frame] [DATA Frame] [HEADERS Frame] ...
Benefits:
  • More efficient processing
  • Smaller message size
  • Less error-prone parsing
  • Enables multiplexing
2

Multiplexing

The binary framing allows full request and response multiplexing over a single TCP connection.
Single Connection:
┌─────────────────────────────┐
│ Stream 1: index.html        │
│ Stream 2: style.css         │
│ Stream 3: script.js         │
│ Stream 4: image.png         │
└─────────────────────────────┘

Frames interleaved:
[S1-HEADERS][S2-HEADERS][S1-DATA][S3-HEADERS]
[S2-DATA][S4-HEADERS][S3-DATA][S1-DATA]...
Benefits:
  • Eliminates head-of-line blocking at application layer
  • No need for multiple connections
  • Better utilization of single connection
  • Reduced latency
3

Stream Prioritization

Developers can customize the relative weight of requests to optimize loading.
Stream Dependencies:
  index.html (Priority: 256)
    ├─ style.css (Priority: 220)
    ├─ script.js (Priority: 220)
    └─ image.png (Priority: 100)

Server sends more frames for higher-priority streams
Use Cases:
  • Load critical CSS before images
  • Prioritize above-the-fold content
  • Optimize perceived performance
4

Server Push

Server can send additional resources along with the requested page.
Client requests: GET /index.html

Server pushes:
  - index.html (requested)
  - style.css (pushed)
  - script.js (pushed)
  - logo.png (pushed)

Client receives all resources without additional requests
Benefits:
  • Reduced round trips
  • Faster page loads
  • Better resource utilization
Server push was removed in HTTP/3 due to complexity and limited adoption.
5

HPACK Header Compression

HTTP/2 uses a special compression algorithm to make headers smaller.
First Request Headers (full):
  :method: GET
  :path: /api/users
  :scheme: https
  :authority: api.example.com
  user-agent: Mozilla/5.0...
  accept: application/json

Subsequent Request (compressed):
  :path: /api/orders  # Only changed header
  # Other headers referenced from table
Compression Savings:
  • Typical reduction: 85-90%
  • Static table for common headers
  • Dynamic table for custom headers

HTTP/2 Performance Gains

HTTP/2 delivers significant performance improvements:
  • Faster Page Loads: 30-50% improvement in typical scenarios
  • Better Mobile Performance: Fewer connections reduce battery drain
  • Improved Bandwidth Utilization: Header compression and multiplexing
  • Reduced Latency: Fewer round trips required

HTTP/2 Still Uses TCP

While HTTP/2 solved application-level head-of-line blocking, it still suffers from TCP-level head-of-line blocking.
If one TCP packet is lost, all streams are blocked until retransmission completes.

HTTP/3

HTTP/3 represents a fundamental shift by moving away from TCP to UDP-based QUIC protocol.

QUIC Protocol

QUIC (Quick UDP Internet Connections) is Google’s protocol built on top of UDP. 
HTTP/1.1 and HTTP/2:    HTTP/3:
┌──────────────┐        ┌──────────────┐
│     HTTP     │        │     HTTP     │
├──────────────┤        ├──────────────┤
│     TLS      │        │     QUIC     │
├──────────────┤        │  (includes   │
│     TCP      │        │   TLS 1.3)   │
├──────────────┤        ├──────────────┤
│      IP      │        │     UDP      │
└──────────────┘        ├──────────────┤
                        │      IP      │
                        └──────────────┘

Key Advantages of HTTP/3

1

Eliminates Head-of-Line Blocking

QUIC streams are independent at the transport layer.
TCP (HTTP/2):
  Packet loss blocks ALL streams
  Stream 1 ████░░ (blocked)
  Stream 2 ████░░ (blocked)
  Stream 3 ████░░ (blocked)

QUIC (HTTP/3):
  Packet loss blocks only affected stream
  Stream 1 ██████ (continues)
  Stream 2 ████░░ (blocked)
  Stream 3 ██████ (continues)
2

Faster Connection Establishment

QUIC combines handshake with TLS, reducing round trips.
HTTP/2 (TCP + TLS):
  Round Trip 1: TCP SYN/ACK
  Round Trip 2: TLS handshake
  Round Trip 3: Data transmission
  Total: 3 RTT

HTTP/3 (QUIC):
  Round Trip 1: QUIC handshake + TLS + Data
  Total: 1 RTT (0-RTT for resumed connections)
3

Improved Connection Migration

Connections survive network changes (WiFi to cellular).
TCP:
  Connection tied to: IP + Port
  Network change = New connection

QUIC:
  Connection tied to: Connection ID
  Network change = Same connection
  No reconnection needed
4

Built-in Encryption

QUIC includes TLS 1.3 by default - encryption is mandatory.
5

Better Loss Recovery

More sophisticated packet recovery mechanisms than TCP.

HTTP/3 Adoption

HTTP/3 is being rapidly adopted:
  • Google: All services use HTTP/3
  • Facebook: Enabled for most traffic
  • Cloudflare: Default for all customers
  • Major CDNs: Widespread support
Browser Support:
  • Chrome/Edge: Full support
  • Firefox: Full support
  • Safari: Full support

Protocol Comparison

FeatureHTTP/1.1HTTP/2HTTP/3
TransportTCPTCPUDP (QUIC)
EncryptionOptionalOptionalMandatory
MultiplexingNoYesYes
Header CompressionNoHPACKQPACK
Server PushNoYesNo
HOL BlockingYes (App)No (App), Yes (TCP)No
Connection Setup3 RTT3 RTT1 RTT (0-RTT)
Stream PriorityNoYesYes
FormatTextBinaryBinary
Connection MigrationNoNoYes

HTTP Request Methods

HTTP Request Methods HTTP methods are consistent across all versions: 
GET /api/users/123 HTTP/2
Host: api.example.com

# Retrieves a resource
# Idempotent and safe
# Should not modify server state

Additional Methods

  • HEAD: Like GET but returns only headers
  • OPTIONS: Describes communication options
  • CONNECT: Establishes tunnel (for proxies)
  • TRACE: Performs message loop-back test

HTTP Status Codes

HTTP Status Codes HTTP status codes indicate request results:

1xx Informational

  • 100 Continue: Client should continue request
  • 101 Switching Protocols: Server switching protocols

2xx Success

  • 200 OK: Request succeeded
  • 201 Created: Resource created successfully
  • 204 No Content: Success with no response body

3xx Redirection

  • 301 Moved Permanently: Resource permanently moved
  • 302 Found: Temporary redirect
  • 304 Not Modified: Cached version still valid

4xx Client Error

  • 400 Bad Request: Invalid request syntax
  • 401 Unauthorized: Authentication required
  • 403 Forbidden: No permission
  • 404 Not Found: Resource doesn’t exist
  • 429 Too Many Requests: Rate limit exceeded

5xx Server Error

  • 500 Internal Server Error: Generic server error
  • 502 Bad Gateway: Invalid response from upstream
  • 503 Service Unavailable: Server temporarily unavailable
  • 504 Gateway Timeout: Upstream timeout

HTTPS and Security

How HTTPS Works HTTPS (HTTP Secure) uses TLS to encrypt data transmission.

TLS Handshake Process

1

TCP Connection

Client and server establish a TCP connection (3-way handshake).
2

Client Hello

Client sends:
  • Supported cipher suites
  • Maximum TLS version
  • Random number
Server responds with:
  • Chosen cipher suite
  • TLS version
  • SSL certificate (with public key)
3

Certificate Validation

Client validates the SSL certificate:
  • Check certificate authority (CA)
  • Verify hostname matches
  • Check expiration date
  • Validate certificate chain
4

Key Exchange

  • Client generates session key
  • Encrypts session key with server’s public key
  • Server decrypts with private key
  • Both now share the same session key
5

Secure Communication

All data transmitted using symmetric encryption with the session key.

Why Symmetric Encryption for Data?

HTTPS uses asymmetric encryption (public/private keys) for the handshake, then switches to symmetric encryption for data transmission.
Reasons:
  1. Security: Asymmetric encryption is one-way; symmetric encryption provides bidirectional security
  2. Performance: Symmetric encryption is much faster with less computational overhead

When to Use Each HTTP Version

HTTP/1.1

Use when:
  • Legacy system compatibility required
  • Simple, low-traffic applications
  • Client doesn’t support HTTP/2+

HTTP/2

Use when:
  • Modern web applications
  • Multiple resources per page
  • Need multiplexing benefits
  • Browser-based applications
  • Wide client compatibility needed

HTTP/3

Use when:
  • Mobile applications (connection migration)
  • High-latency networks
  • Video streaming
  • Real-time applications
  • Modern infrastructure
  • Best possible performance needed
Most modern servers support protocol negotiation, allowing clients to use the best version they support.

Migration Considerations

Upgrading to HTTP/2

1

Enable TLS

HTTP/2 requires HTTPS in browsers.
2

Update Server Software

Nginx 1.9.5+, Apache 2.4.17+, or cloud load balancers.
3

Review Resource Bundling

HTTP/2 multiplexing may make bundling unnecessary.
4

Test Thoroughly

Verify performance improvements and compatibility.

Adopting HTTP/3

1

CDN Support

Use CDN with HTTP/3 support (Cloudflare, Fastly).
2

Server Configuration

Enable QUIC support in your servers.
3

Fallback Strategy

Maintain HTTP/2 support for compatibility.
4

Monitor Performance

Track metrics to validate improvements.

Key Takeaways

HTTP continues to evolve, with each version bringing significant performance and security improvements while maintaining backward compatibility.
  • HTTP/1.1 pioneered persistent connections and is still widely used (25+ years)
  • HTTP/2 introduced multiplexing, header compression, and binary framing
  • HTTP/3 moves to UDP/QUIC, eliminating transport-layer head-of-line blocking
  • Each version maintains the same HTTP semantics (methods, status codes)
  • HTTPS encryption is mandatory in HTTP/3, optional in earlier versions
  • Modern applications should use HTTP/2 minimum, HTTP/3 when possible
  • Protocol negotiation allows clients to use the best supported version

Build docs developers (and LLMs) love

Get started for freeTalk to us