HTTP is the protocol designed by the IETF and W3C to regulate transactions of information (files, database queries, etc.) on the World Wide Web, after 18 years since the implementation of HTTP 1.0 by Tim himself Berners-Lee, the same version 2.0 is about to reach our browsing sessions (the forecast is that this occurs from November 2014).
The current HTTP 1.1 protocol dates back to 1999, a time when web technologies were radically different than those we use today (without going further: multimedia traffic was anecdotal, and mobile) and it was impossible to imagine the level of traffic that moves the WWW today. Therefore, in 2009 Google announced it was working on a new HTTP protocol support, but would improve safety and efficiency (intended to achieve a reduction in load time of pages of at least 50%). His name was SPDY (pronounced ‘speedy’), and soon made public, the HTTPbis Working Group of the IETF decided to use it as the basis for the new version of HTTP in which they were working.
Among the changes introduced and used to improve the efficiency of Web communications, we can mention the following:
- Compressing HTTP headers, which substantially restrict the volume of data transmitted.
- Sending cookies only occurs if its value has changed with respect to your last shipment.
- Multiplexing HTTP requests on the same TCP connection (Google is also conducting tests with another proprietary protocol called QUIC, which performs this multiplexing connections over UDP instead of TCP, thus speeding up further navigation).
- Support for ‘server push’ (which can force a server sending data to the client without this the software requested, so saved a connection).
- All this translates into lower consumption of bandwidth, lower information overload and faster loading of web content.
With respect to security, the main change is the mandatory use of SSL with HTTP 2.0 connections. This decision appears to be motivated by the ‘Scandal Snowden’ online spying the NSA. As indicated by the HTTP 2.0 project leader, Mark Nottingham, it was felt that the only way to improve overall web security was forced to use HTTPS url’s which does not mean that traditional non-secure HTTP to go away : simply they continue to function under version 1.1 of the protocol.