HTTP/2 vs HTTP/3

Modern HTTP.

Overview

HTTP/2 and HTTP/3 are the modern HTTP versions both replacing HTTP/1.1 limits. HTTP/2 multiplexes over TCP; HTTP/3 multiplexes over UDP using QUIC, sidestepping TCP’s head-of-line blocking. Both deserve a place in production, but for different reasons; the question is matching protocol to client population, not picking a single winner.

• Modern HTTP. Both replace HTTP/1.1’s connection-per-request and head-of-line blocking. Single TCP/UDP connection multiplexes many streams.
• HTTP/2 over TCP. Mature, universal middlebox support. The default protocol on every CDN and most enterprise networks.
• HTTP/3 over QUIC/UDP. No TCP head-of-line blocking; better behaviour on mobile and lossy networks. Connection migration survives WiFi-to-cellular handoff.
• Server push deprecated plus 0-RTT. HTTP/2 push removed; both protocols use Early Hints instead. HTTP/3’s 0-RTT lets returning clients skip the handshake on subsequent connections.

The approach

Three habits keep the protocol choice rational: HTTP/2 as the default, HTTP/3 enabled at the edge for mobile-heavy traffic, and monitoring of the actual protocol distribution clients negotiate.

• HTTP/2 default. Universal client and middlebox support. Safe to enable everywhere.
• HTTP/3 for mobile-heavy traffic. 0-RTT and resilience to packet loss are real wins on cellular. Enable at the edge tier.
• CDN provides HTTP/3. Cloudflare, Fastly, and CloudFront all terminate HTTP/3 at the edge. No need to run QUIC on origin.
• Monitor fallback plus documented tier. Some clients fall back to HTTP/2 mid-session; per-tier the protocol negotiation lives in the runbook.

Why this compounds

Each protocol upgrade compounds across every page load and every API call from a supported client. The team’s networking expertise deepens; new services inherit modern protocol defaults instead of recreating them.

• Mobile experience improves. HTTP/3 plus 0-RTT cuts perceived latency on cellular networks measurably.
• Multiplexing wins compound. Both protocols remove HTTP/1.1 head-of-line blocking. Page-load and API-fanout latency drops.
• Encryption is mandatory. Both require TLS. Plaintext HTTP becomes a non-option, which is the right outcome.
• Year-one investment, year-two habit. First protocol enablement takes care. By year two, every new edge points at HTTP/3 by default.