How To Enable HTTP2 (SPDY) on Heroku

What is HTTP2?

HTTP2 is the latest version of HTTP and brings with it speed and security benefits.

Hyper Text Transfer Protocol (HTTP) is the series of steps by which web browsers communicate with web servers.

Each version of HTTP defines different features that can be used in these communications: compression, encryption, whether the connection stays open between requests, how much data can be sent at a time, and so on.

Multiplexed connections

This allows multiple files to be downloaded on a single connection to the server, skipping the need for reconnecting and tearing down the underlying connection for each file.

Security

From a practical standpoint, HTTP/2 is only enabled for HTTPS/TLS-secured connections, which increases data security. This is not actually part of the formal HTTP/2 specification, but Chrome has opted to only enable it for HTTPS connections.

Fallback compatibility

If a client can’t connect via HTTP2, it will seamlessly fall back to using HTTP1, making it very safe to switch.

Header Compression

Each request / response cycle from the browser to the server sends and receives a large number of headers. These headers specify everything from security options the browser should take to what language should be used.

Prior to HTTP2, these headers were not optimally compressed, leading to bloated responses to even relatively small requests.

Real World HTTP2 Usage on Heroku

Clients making requests auto-negotiate whether they use HTTP2 for the connection.

For a typical marketing site around 85 to 90 percent of the requests will be from browsers that support HTTP/2.

Browsers tend to be the most aggressive at connecting over HTTP/2. If your application is an API serving non-browser clients (mobile apps, other distributed systems), you may need to include connection instructions to force HTTP/2 requests.
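
How the negotiation and the HTTP/1 fallback described above work at the TLS layer, as an added example that is not from the original page or from Expedited WAF: HTTP/2 over TLS is selected through the ALPN extension (RFC 7301) using the identifier "h2". The function names and the EDGE_PREFS list are assumptions for illustration, and the client offers are constructed sample data.

```python
import struct

ALPN_EXT = 16  # TLS extension type for ALPN (RFC 7301)

def encode_alpn(protocols):
    """Client side: serialise offered protocol names as an ALPN extension."""
    names = b""
    for p in protocols:
        raw = p.encode("ascii")
        if not 1 <= len(raw) <= 255:
            raise ValueError("protocol name must be 1..255 bytes")
        names += bytes([len(raw)]) + raw
    body = struct.pack("!H", len(names)) + names
    return struct.pack("!HH", ALPN_EXT, len(body)) + body

def decode_alpn(data):
    """Server side: parse the extension, rejecting inconsistent lengths."""
    if len(data) < 6:
        raise ValueError("truncated ALPN extension")
    ext_type, ext_len, list_len = struct.unpack("!HHH", data[:6])
    if ext_type != ALPN_EXT or ext_len != len(data) - 4 or list_len != ext_len - 2:
        raise ValueError("inconsistent ALPN lengths")
    names, pos = [], 6
    while pos < len(data):
        n = data[pos]
        if n == 0 or pos + 1 + n > len(data):
            raise ValueError("bad protocol name length")
        names.append(data[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return names

def negotiate(server_prefs, client_extension):
    """Return the protocol the edge would speak for this client offer."""
    if client_extension is None:
        return "http/1.1"  # no ALPN sent: plain HTTP/1.1 over TLS
    offered = decode_alpn(client_extension)
    for proto in server_prefs:  # server preference order wins
        if proto in offered:
            return proto
    raise ValueError("no_application_protocol")  # RFC 7301 fatal alert

EDGE_PREFS = ["h2", "http/1.1"]  # assumed edge configuration

if __name__ == "__main__":
    # Constructed offers: a modern browser, an HTTP/1.1-only client, no ALPN.
    for offer in (["h2", "http/1.1"], ["http/1.1"], None):
        ext = encode_alpn(offer) if offer else None
        print(offer, "->", negotiate(EDGE_PREFS, ext))
```

A non-browser client that never lists "h2" in its offer stays on HTTP/1.1, which is why API clients may need explicit configuration to get HTTP/2.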

Prerequisites

What you need to get started:

  1. The Expedited WAF add-on is set up in front of your application.

How To Enable HTTP2 on Heroku

Heroku does not have a native function to enable HTTP/2 connections.

Expedited WAF negotiates with each inbound request to determine if it’s possible to accelerate the request with HTTP/2 or fall back to HTTP/1.

Because Expedited WAF wraps each request, this is transparent to clients and is just part of the Expedited WAF acceleration features.

Notes

  • “SPDY” was a Google-specific HTTP protocol which was an immediate precursor to HTTP2. Some additional features were added to it and it’s been ratified by the IETF as HTTP2.
  • HTTP2 (and site speed generally) is considered to be an SEO ranking factor.

Resources

Learn more about HTTP2
