WordPress

Site Optimization with HTTP/2


In another post I wrote about how Google rewards sites on HTTPS with better rankings and now browsers are starting to use it as default and warn users if a site is not secure.

Site Optimization with HTTP/2

But wait, there’s more. On all our Linux servers we have now implemented HTTP/2, but you need to be on HTTPS to take advantage of it. HTTP/2 replaces the old HTTP/1.1. In HTTP/1.1 your browser has to make separate requests for each file on a page. It requests a file, waits for a server response and goes on to the next file. This can happen a hundred times or more depending on page size. Browsers started helping with this issue by issuing multiple parallel connections with a server (I believe 6 is the standard) but those 6 connections are still limited to one request per file.

HTTP/2 Multiplexing

HTTP/2 opens one connection to your website instead of multiple TCP connections. Multiplexing allows multiple parallel requests to be issued over that one connection. So we go from one TCP connection per file to one TCP connection for all files at the same time. HTTP/2 has built in “Prioritization” so it can deliver higher priority resources that have been assigned a higher dependency by the server. There are many other technical things that make HTTP/2 fast but I don’t want to bore you with the details. Let’s just say that HTTPS used to be slower than HTTP due to the encryption overhead but HTTP/2 is faster than the old HTTP/1.1. You can expect your site to run anywhere from 50% to 120% faster on HTTP/2.

 

Site Optimization HTTP/2
http/1.1 vs http/2 Source

HTTP/2 Will Change How You Code

There were many things we used to have to do to try and get around the limitations of HTTP/1.1. HTTP/2 makes these obsolete. Unfortunately all our favorite optimization sites like GT Metrix and Pingdom have yet to update to include HTTP/2 but a variety of their warnings no long apply to how to fast your website loads.

  1. Domain Sharding. Spreading out files across multiple subdomains so that a browser can open more connections. Remember that Pingdomain warning about “Parallelize downloads across hostnames? No longer relevant.
  2. Combining Javascript and CSS files. It’s still good practice to combine as many CSS and JS files as possible but there is no pressure to combine ALL your CSS into one massive 500kb file. It makes sense to separate your bootstrap CSS, your main CSS your mobile CSS and your fonts.
  3. Image Sprites. I hate sprites as they make CSS so complex. Developers would combine images to reduce file requests. The drawback was the whole file would have to be loaded before it is displayed.
  4. Inlining. Placing CSS and JS directly into HTML so it doesn’t have to be called from external files. Kind of reminds you of coding in 1997.
  5. Cookieless Domains. A lot of domains employ this although it was always a step too far for me. As static resources like images, CSS and JS don’t need cookies developers would serve them from a completely separate domain. HTTP/2 compresses headers including the cookies so the request size is tiny. Serving files from another domain will increase load times now due to the extra DNS lookups.

A lot of these techniques places additional strain on a server’s resources. Opening extra connections and serving larger files increases CPU and memory use. It’s going to take time for these techniques to go away as many people still haven’t switched to HTTPS at all. And even if they do it will take time for the knowledge to filter down. I actually tested a few of these techniques on HTTP/2 and confirmed that Domain Sharding increases load time and Inlining doesn’t help speed at all.

Security and Trust

Let’s not forget the original reason for using SSL on your domain! As well as the ranking, speed and usability benefits of using HTTPS it also encrypts data between a browser and the server to protect it from eavesdroppers. Data sent from a browser to a server cannot be modified without being interrupted thus ensuring integrity. It also portrays trust so your visitors understand that you are serious about their security.

We have many types of SSL Certificates on offer at HostNexus. We have SSL Certicates from all the leading brands – GeoTrust, Thawte and Comodo and they start from as low as $14.95/yr for Comodo’s PositiveSSL.

Plus all our servers full support the free Let’s Encrypt SSL Certificates which you can install from your control panel.

Use this tool to ensure your server is using HTTP/2. All our Linux servers have it but there is no HTTP/2 support for Windows 2012. If you need any help in deciding on the right SSL Certificate for you or you need hep in switching to HTTPS please don’t hesitate to contact. As always we are on stand-by 24/7 to help you in any way.

About the author

Laurence Flynn

Hey! I'm Laurence, hosting industry veteran and entrepreneur, obsessed with web performance. My aim is to build the cheapest and fastest Optimized WordPress Hosting platform available today. Our back-end systems include Nginx and Redis combined with PHP 7, FPM and MariaDB to deliver maximum performance. Our front-end UI is powered by the beautiful Plesk control panel to deliver a smooth user experience. All secured with Imunify360, artificial intelligence and machine learning. Connect with me on LinkedIn.

6 Comments

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Hi Laurence – I have reseller hosting on both Virgo and Mercury – most of our domains are WordPress now and Google has been pushing ALL sites to be SSL. I’ve requested “Let’s Encrypt” be turned on for all of my sites on Mercury and turned it on myself in Plesk on Virgo!
    Your article clearly promotes http/2 as being the best option – so HOW do we actually use it with WordPress sites. I used the TOOL link and my sites are NOT supported!

    • Hi Laurence,
      Two examples where it doesn’t work on Two HostNexus servers:

      whitford.com.au is a WordPress site I have hosted on MERCURY, Let’s Encrypt is active and I used a WP Plugin called “Easy HTTPS (SSL) Redirection” to force the redirection rather than edit the htaccess file. The tool returns this result:
      Negative! whitford.com.au does not support HTTP/2.0.

      alandredge.com.au is tiny bit of html making a business card hosted on VIRGO which I tested SSL and Let’s Encrypt on – I edited the htaccess file to force this one but the tool returns:
      Negative! alandredge.com.au does not support HTTP/2.0. Supported protocols: http/1.1

  • No rush Laurence – until I read your article I’d never even heard of HTTP/2 so I wasn’t missing it! :-) Always something new to learn in this line of work though!!

  • This should be working on all Plesk servers now. Cpanel doesn’t yet officially support HTTP/2 but I’m going to see if it can be hacked in somehow. :)