Sign in to save

Bookmark this page so you can find it later.

Sign in to save

Bookmark this page so you can find it later.

HTTP/2 and HTTP/3 are modern versions of the web protocol used by browsers, apps, and servers to exchange resources efficiently. This cheat sheet helps students compare how requests, responses, streams, and connections work in each version. It is useful for understanding web performance, security requirements, and why newer protocols reduce delays compared with older HTTP/1.1 behavior.

HTTP/2 runs over TCP and uses binary frames, multiplexed streams, header compression with HPACK, and server prioritization features. HTTP/3 keeps the HTTP semantics but runs over QUIC, which uses UDP, built-in TLS 1.3, stream-level loss recovery, and faster connection setup. A key relationship is HTTP/2 = HTTP semantics + binary framing over TCP, while HTTP/3 = HTTP semantics + QUIC over UDP.

Key Facts

  • HTTP/2 uses one TCP connection to carry many independent streams at the same time, which is called multiplexing.
  • HTTP/3 uses QUIC over UDP, so the stack is HTTP/3 over QUIC over UDP over IP.
  • HTTP/2 avoids many HTTP/1.1 delays because multiple requests can share one connection instead of waiting in strict order.
  • HTTP/2 still suffers from TCP head-of-line blocking because one lost TCP packet can delay all streams on that connection.
  • HTTP/3 reduces transport-level head-of-line blocking because QUIC handles loss recovery separately for different streams.
  • HPACK compresses repeated HTTP/2 headers using indexed tables so common fields do not need to be sent in full every time.
  • QPACK is the header compression system used with HTTP/3 and is designed to work safely with QUIC streams.
  • A simple comparison rule is HTTP/2 = TCP + TLS + binary frames, while HTTP/3 = UDP + QUIC + TLS 1.3 + frames.

Vocabulary

Multiplexing
Multiplexing is the ability to send multiple request and response streams over one network connection at the same time.
Stream
A stream is an ordered flow of frames that carries one HTTP request and response or part of a larger exchange.
Frame
A frame is a small binary unit of protocol data used by HTTP/2 and HTTP/3 to structure messages.
QUIC
QUIC is a transport protocol built on UDP that provides encryption, connection management, streams, and loss recovery for HTTP/3.
Head-of-line blocking
Head-of-line blocking happens when one delayed or lost piece of data prevents later data from being processed.
TLS
TLS is the security protocol that encrypts web traffic and helps verify the identity of the server.

Common Mistakes to Avoid

  • Saying HTTP/3 is just HTTP/2 with a new version number is wrong because HTTP/3 changes the transport from TCP to QUIC over UDP.
  • Assuming UDP means HTTP/3 is unreliable is wrong because QUIC adds reliability, ordering within streams, encryption, and congestion control above UDP.
  • Confusing multiplexing with parallel TCP connections is wrong because HTTP/2 and HTTP/3 can carry many streams inside a single connection.
  • Claiming HTTP/2 completely removes head-of-line blocking is wrong because TCP packet loss can still block all HTTP/2 streams on the connection.
  • Ignoring TLS requirements is wrong because modern HTTP/2 is almost always deployed over TLS, and HTTP/3 includes TLS 1.3 as part of QUIC.

Practice Questions

  1. 1 A browser needs to request 24 small image files from the same website. If HTTP/1.1 uses 6 parallel TCP connections with one active request per connection, how many request rounds are needed at minimum?
  2. 2 A web page sends 10 requests over one HTTP/2 connection. If one TCP packet is lost, which layer can cause all streams to wait for recovery?
  3. 3 Write the protocol stack for HTTP/3 from application to network layer using the format HTTP/3 over ____ over ____ over IP.
  4. 4 Explain why HTTP/3 can perform better than HTTP/2 on lossy mobile networks even though both support multiplexing.