The new HTTP / 3 protocol for web browsing is a before and after, it is not a simple evolution of the current protocol, but with HTTP / 3 we greatly improve the efficiency when browsing the webs, which translates into that will load much faster, in addition to having the latest security measures provided by TLS. Today in this article we are going to explain in detail what is HTTP / 3, what are its main features, news, advantages and much more.
To better understand the HTTP / 3 protocol, first we will talk about the HTTP protocol and its previous versions. We will also explain how Cloudflare has already started using HTTP / 3 on its servers, therefore, we already have a real environment for using this new protocol.
HTTP is one of the most important protocols for the functioning of the Internet, it first appeared in 1991, and since then, there have been several versions with different characteristics. Among them, HTTP / 1.2 stands out, which was valid for 15 years, until HTTP / 2 arrived in May 2015. Now, HTTP / 3 arrives, which comes loaded with news to improve web browsing on the Internet as we know it.
If we want to communicate over the Internet we need to use different protocols. Fundamentally we could say that there are two (although in reality many more are involved). The first would be the Internet Protocol, which comes from the English Internet Protocol or IP in English. In this case, it is a data communication protocol that is found within the network layer according to the international OSI model. Thanks to the Internet Protocol, each device that connects to the Internet will be assigned an address with which to identify itself on the network. In this sense, we cannot surf the net without an IP address. When we use our browser we will communicate with a DNS server that will tell you the IP to connect that website that we have written in our address bar. Thus, in each communication we have a source IP (ours) and a destination IP (the web) to which we want to make requests.
We already have a protocol that identifies each of the parties, but we need another that establishes communication at the application layer level between the parties. The second we need is HTTP which we will talk about next.
What is HTTP and who participated in its creation
This protocol comes from the English Hypertext Transfer Protocol, HTTP abbreviated and translated into Castilian would be the Hypertext Transfer Protocol. It is a communication protocol that allows information transfers on the World Wide Web.
The HTTP protocol was developed by two agencies. One is the World Wide Web Consortium, which is an international consortium that develops recommendations and standards to maintain the growth of the World Wide Web in the long term. The other involved international organization was the Internet Engineering Task Force (IETF) that would be translated into the Spanish Internet Engineering Task Force. They are responsible for the normalization of the Internet, acting in various areas, such as transport, routing and security.
Thanks to HTTP, the syntax and semantics used by the software elements of the web architecture of clients, servers and proxies are defined so that they can communicate. Also, it is a stateless protocol, which means that it does not store any information about previous connections. Apart from this, we also use it to deliver the images and other elements of which a website is made up, and that would reach us through the browser or applications.
HTTP works using a client-server model. This means that when we make a connection, we make a series of requests to the server , to show us the content of that website. Then those images and text will be displayed in the browser using the HTML code.
HTTP protocol versions and evolution
Over time, the HTTP protocol has gone through different versions. In this sense, it should be noted that many of which are compatible with the previous ones, this is possible thanks to the fact that the client, when establishing communication, tells the server the version it is using. Then, the server is responsible for using the same version, or failing that, an earlier version in the reply.
Now comes the turn to briefly talk about the different versions and if they are still valid today.
The first HTTP / 0.9 dates from 1991 and we can say that it is currently considered obsolete. In this case, it should be noted that it only supports one command, GET, and also does not specify the HTTP version number. Neither does it support headers, nor POST, so the client cannot send information to the server.
The following is HTTP / 1.0 , it was released in May 1996. For the first time the protocol specifies its version in communications. It is used a lot today, especially on proxy servers. It should also be noted that it supports the GET, HEAD and POST request methods.
Then, in June 1999 , HTTP / 1.1 was released, which is currently the most widely used version. We have persistent connections enabled by default. It also allows the client to send multiple requests simultaneously on the same connection (pipelining), which makes it possible to eliminate the round trip time for each request, which translates into greater speed when loading web pages. A year later came HTTP / 1.2 , in February 2000 . Here the Protocol Extension Protocol or abbreviated PEP was proposed. In that sense, we can say that the HTTP Extension Framework largely includes PEP.
In May 2015 , HTTP / 2 arrives, it is a new version that does not modify the application semantics of HTTP. Its improvements focus on how the data is packaged and on transportation. The novelties that it brings is that it adds the use of a single connection, the compression of headers or the server push service.
Finally, in October 2018 , HTTP / 3 arrives which uses the transport layer protocol UDP instead of TCP. Support has already been added by companies like Cloudflare on their servers, and Google on its Chrome browser. Next, we will talk about HTTP / 3 in depth and all that this protocol entails.
Knowing HTTP / 3 and its implementation in web browsers
HTTP / 3 is the next generation of the Hypertext Transfer Protocol that we use to exchange information on the World Wide Web. Before having a denomination, it was known with the Hypertext Transfer Protocol on QUIC.
A very important part, as you may have already deduced, is the QUIC network protocol , belonging to the transport layer. It should be noted that this protocol was originally developed by Google and that it uses user space congestion control over the User Datagram Protocol (UDP).
Browsers have been gradually preparing to support HTTP / 3 . The first to do so was Google Chrome (Canary build) in September 2019, and in early 2020 Firefox did. Here is a table in which you can see from what date browsers are compatible with this new version of the hypertext transfer protocol.
As you can see, the main browsers such as Chrome, Firefox, Safari and Edge already support it. In this sense, it should be noted that, although they have support, it is not enabled by default and we must be the ones who activate it. For example, in Mozilla Firefox we have to enter about: config in the address bar (we accept the risks). We have to search for network.http.http3.enabled . By default it is marked as “False”, we have to mark it as “True”, and thus we will have the function enabled in the browser.
QUIC protocol, what it is and how it works
Earlier when we talked about the HTTP / 3 protocol, we mentioned that one of its most important implementations was QUIC. Now is the time to discuss it in depth. QUIC comes from the acronym in English Quick UDP Internet Connections which translated into Spanish means Fast UDP Internet Connections .
QUIC supports a set of multiplexed connections between two ends over UDP (User Datagram Protocol). In terms of security, it offers an equivalent to TLS / SSL. In addition, it offers other benefits such as reduced connection and transport latency. It is also capable of offering a bandwidth estimate in each direction to avoid congestion.
With the implementation of this new protocol, it is intended to improve the perceived performance of web applications that currently use TCP. Furthermore, it aims to provide a congestion prevention environment for rapid iteration of algorithms by establishing control in the application space at both ends.
More and more information is being sent over the Internet and we need a very efficient protocol so that requests, responses and interactions have lower latency, with shorter retransmission times. With the QUIC protocol we managed to improve these aspects. One thing to keep in mind is that IP address pairs and sockets are resource limited. Because QUIC is designed from the ground up for multiplexing operations, it has the potential to:
- Unify traffic.
- Reduce port utilization.
- Unify report messages and responses.
- Reduce redundant information, for example, in headers.
In short, with the HTTP / 3 protocol and QUIC built into it, we want it to be spread around the world to reduce packet loss from head-of-line blocking. In addition, it seeks to obtain low latency for both computers and smartphones. As for QUIC , the encryption to be used is TLS 1.3 . Security is going to be a very important part of HTTP / 3, since, in it, no connection will go back to plain text or without encryption over the network.
As QUIC was designed for multiplexing operations, the lost data packets from an individual stream will generally only affect that particular stream. The other data lossless, can continue without having to wait for the others. However, there is one exception, the QUIC HTTP header bits can cause head-of-line blocking.
Current implementation of HTTP / 3 in browsers and webs
After the approval of the HTTP / 3 protocol in October 2018, the first steps towards its use on a large scale began to be taken. One of them was the adaptation of the software for our computers and mobiles. Thus, as we have already mentioned before, they began to support the web browsers that we use regularly. So Chrome, Safari, Firefox, and Edge are ready to use it.
As Cloudflare, one of the most important companies in Internet security services, and domain name server (DNS) services distributed throughout the world. Among the services it offers:
- Protection against DDoS attacks.
- Web application firewall.
- DNS servers.
- Content delivery network. Thanks to her, Cloudflare caches content at its edge locations to act as a content delivery network through its CDN servers.
Cloudflare is going to be one of the companies to start working with HTTP / 3. This will not affect the way that customer’s website looks. Remember that, thanks to this new protocol, we will have faster and safer connections since they are always encrypted. In principle, this is not going to be a problem, as it is backward compatible with HTTP. Therefore, other people could continue using it.
Cloudflare has commented that they do not expect it to affect the performance of their websites. However, if for some reason, we want to disable it after it is automatically enabled, we can remove it to avoid problems. To do this, we would have to go to the “Network” tab in the Cloudflare panel and deactivate it.
Finally, in the Google Blog there is a study in which the loading times of a web using the HTTP / 3 QUIC protocol were analyzed. The conclusions they drew is that it reduced the average loading time of a website by 8% worldwide and by 13% in the regions with the highest latency.