Performance & Reliability
CDN DNS Argo Smart Routing Load Balancing Web Optimizations China Network
Video Streaming & Delivery
Cloudflare Stream Stream Delivery
Advanced Security
DDoS Protection WAF Rate Limiting SSL / TLS DNSSEC Cloudflare Access Cloudflare Spectrum Argo Tunnel
Insights
Analytics
Cloudflare for Developers
Cloudflare Workers Cloudflare Workers KV Mobile SDK
Domain Registration
Cloudflare Registrar
Cloudflare Marketplace
Cloudflare Apps
Cloudflare for Everyone
1.1.1.1
Performance
Accelerate Internet Applications Accelerate Mobile Experiences Ensure Application Availability
Security
Mitigate DDoS Attacks Prevent Customer Data Breaches Stop Malicious Bot Abuse
Industries
SaaS Publishers Public Sector
Partnerships
Partner Program Hosting Provider Referral Reseller / MSP OEM / Technology Workers Partner Program Peering Portal Bandwidth Alliance
Integrations
IBM Cloud WordPress Google Cloud Magento Acquia Rackspace Microsoft Azure Kubernetes WP Engine
Develop
API Guide Developer Hub Developer Fund Documentation
Explore
Case Studies Cloudflare in China Network Map Webinars Product Updates White Papers GDPR
Learn
DDoS Learning Center CDN Learning Center DNS Learning Center Security Learning Center Performance Learning Center Serverless Learning Center
Connect
Blog Contact Sales Community Support
Contact

HTTP/2

Speed up your website with the latest version of HTTP

Cloudflare HTTP/2 progressively enhances your website’s performance. When a browser supports HTTP/2, our edge network will take full advantage of HTTP/2 performance benefits. For older browsers or non-HTTPS requests, we’ll fall back to HTTP/1.1. You don’t need to choose between better performance and backwards-compatibility.

HTTP/2 is automatically enabled for all accounts on any plan level, and requires no changes to your web server configuration.

Sign up now View a live demo
Contact our team Under DDoS attack?

What is HTTP/2?

HTTP/2 is the first upgrade to the Hypertext Transfer Protocol since 1999. It’s goal is to improve website performance by optimizing how HTTP is expressed “on-the-wire.” It doesn’t change the semantics of HTTP, which means header fields, status codes, and cookies work exactly the same way as in HTTP/1.1.

HTTP/2 began its life as Google’s SPDY protocol, which they designed to address many of the performance problems inherent in HTTP/1.1. The core benefits of SPDY have made their way into HTTP/2, improved by the global Internet community, and formalized into an Internet Standard.

Benefits of HTTP/2

HTTP/2 introduces several new features, and they’re all designed to improve page load times for your website visitors.

Multiplexing

Multiplexing is perhaps the most significant benefit of HTTP/2. HTTP/1.1 requires each request to use its own TCP connection. Multiplexing, in contrast, allows a browser to include multiple requests in a single TCP connection.

Multiplexing diagram

The problem is, a browser can only have a limited number of TCP connections open at any given time. For HTTP/1.1, this means a browser can only load a single resource at a time—every asset in a web page is sent back to the browser sequentially. Multiplexing allows a browser to request all these assets in parallel. This results in a dramatic performance gain.

HTTP/1.1 is sort of like buying a single item at a grocery store, taking it back home, going back to the store for the next item you need, and repeating until your pantry is fully stocked. Multiplexing gives you a shopping cart so you can pick up everything you need in one trip.

Header Compression

Modern websites rely on a lot of external assets: images, CSS, JavaScript, and fonts, just to name a few. Each time a browser requests one of these assets, it includes an HTTP header with the request. When the server sends the asset back to the browser, it also includes an HTTP response header. That’s a lot of overhead for the typical web page.

HTTP/2 forces all HTTP headers to be sent in a compressed format, reducing the amount of information that needs to be exchanged between browser and server. HTTP/1.1 does not provide any form of header compression.

Server Push

HTTP/2 Server Push lets our edge network send web assets back to your browser before it even knows it needs them. This speeds up page load times by eliminating unnecessary round trips. For example, when a browser requests an HTML page, you can “push” all of the CSS stylesheets, image resources, and other assets inside of that web page. After the browser parses the HTML and finds all those assets, they’ll already be loaded into the local browser cache. This avoids extra requests back to the server.

See more details about HTTP/2 Server Push.

Stream Priority

Stream priority is a mechanism for browsers to specify which assets they would like to receive first. For example, an HTTP/2-aware browser can use stream priority to load the HTML for a page first, followed by CSS, then JavaScript, and finally image assets. This order allows the browser to render the page as quickly as possible.

You can think of stream priority as an optimization on top of multiplexing. Multiplexing lets you send several requests in a single TCP connection, and stream priority lets you define the order of the responses. While multiplexing eliminates much of the TCP overhead, it does nothing to optimize transfer times from the server to the browser. This is what stream priority is for.

What Does HTTP/2 Mean for You?

You can serve your existing applications over HTTP/2 without any changes to the underlying code, but to take full advantage of all HTTP/2 has to offer, make sure you understand the impact that HTTP/2 will have on your website.

Web Content Optimization and HTTP/2

Much of the website optimization for HTTP/1.1 revolves around minimizing the number of TCP connections with the server. This results in practices like concatenating multiple CSS or JavaScript files into a single file, combining multiple image files into a single spritesheet, and spreading your website’s assets across multiple domains (sharding). Many of these techniques are no longer necessary in HTTP/2, and some of them can, in fact, hurt performance.

Concatenating files is no longer a best practice in HTTP/2. While concatenation can still improve compression ratios, it forces expensive cache invalidations. Even if only a single line of CSS is changed, browsers are forced to reload all of the assets. In HTTP/2, it’s better to ship granular resources and optimize how they’re cached.

Domain sharding should be avoided in HTTP/2. The goal of sharding is to maximize the amount of active TCP connections. However, each of these connections incur unnecessary overhead and compete with each other for bandwidth. Eliminating domain sharding also makes for simpler build and deployment processes, since all your assets can now live on a single server.

These are just a few optimizations to consideration when deciding if HTTP/2 is right for you.

Encryption and HTTP/2

HTTP/2 does not technically require an encrypted connection, but the majority of implementations only support HTTP/2 when used in conjunction with SSL/TLS. No browsers currently support HTTP/2 over an unencrypted connection. For practical purposes, this means that your website must be served over HTTPS to take advantage of HTTP/2.

If you’re not already serving your website over HTTPS, you can enable it for free with our Universal SSL offering.

Get Cloudflare HTTP/2

Cache DNS Responses at the Edge

HTTP/2 is available free of charge to all Cloudflare customers. HTTP/2 is automatically enabled for both Free and Pro accounts, and can be enabled with the click of a button for Business and Enterprise accounts.

Sign up now

Setting Up Cloudflare Is Easy

Set up a domain in less than 5 minutes. Keep your hosting provider. No code changes required.

Cloudflare Pricing

Everyone’s Internet application can benefit from using Cloudflare.
Pick a plan that fits your needs.

Free $ 0 /month per website
Select
Expand to see more Hide
For personal websites, blogs, and anyone who wants to explore Cloudflare.

Learn More

The Free Plan includes all of these features:
  • Unmetered Mitigation of DDoS
  • Global CDN
  • Shared SSL certificate
  • Access to account Audit Logs
  • 3 page rules
Compare all features
PRO $ 20 /month per website
Select
Expand to see more Hide
For professional websites, blogs, and portfolios requiring basic security and performance.

Learn More

The Pro Plan includes everything in Free, and:
  • Web application firewall (WAF) with Cloudflare rulesets
  • Image optimizations with Polish™
  • Mobile optimizations with Mirage™
  • I'm Under Attack™ mode
  • Access to account Audit Logs
  • 20 page rules
Compare all features
BUSINESS $ 200 /month per website
Select
Expand to see more Hide
For small eCommerce websites and businesses requiring advanced security and performance, PCI compliance, and prioritized email support.

Learn More

The Business Plan includes everything in Pro, and:
  • Web application firewall (WAF) with 25 custom rulesets
  • Custom SSL certificate upload
  • PCI compliance thanks to Modern TLS Only mode and WAF
  • Bypass Cache on Cookie
  • Accelerate delivery of dynamic content with Railgun™
  • Prioritized email support
  • Access to account Audit Logs
  • 50 page rules
Compare all features
Enterprise contact us
Select
Expand to see more Hide
For companies requiring enterprise-grade security and performance, prioritized 24/7/365 phone, email, or chat support, and guaranteed uptime.

Learn More

The Enterprise Plan everything in Business, and:
  • 24/7/365 enterprise-grade phone, email, and chat support
  • 100% uptime guarantee with 25x reimbursement SLA
  • Enterprise-grade DDoS protection with network prioritization
  • Advanced web application firewall (WAF) with unlimited custom rulesets
  • Multiuser role-based account access
  • Multiple custom SSL certificate uploads
  • Access to Raw Logs
  • Access to account Audit Logs
  • Dedicated solution and customer success engineers
  • Access to China CDN data centers (Additional Cost)
  • 100 page rules
Compare all features

Free

$ 0 / month
 
For personal websites, blogs, and anyone who wants to explore Cloudflare.

Learn More

Add a Website

Pro

$ 20 / month
per domain
For professional websites, blogs, and portfolios requiring basic security and performance.

Learn More

Get Pro

Business

$ 200 / month
per domain
For small eCommerce websites and businesses requiring advanced security and performance, PCI compliance, and prioritized email support.

Learn More

Get Business

Enterprise

Contact Us
 
For companies requiring enterprise-grade security and performance, prioritized 24/7/365 phone, email, or chat support, and guaranteed uptime.

Learn More

Get in touch

Trusted By

Read some of our case studies

To provide you with the best possible experience on our website, we may use cookies, as described here.
By clicking accept, closing this banner, or continuing to browse our websites, you consent to the use of such cookies.