HTTP/2 Now Available on all shared/cloud servers at SiteGround
The Internet as we all know it today wouldn’t have existed without the HTTP protocol. It is the heart and soul that pumps content to all of us. It makes it possible for us to read the latest news, order stuff online, watch videos on YouTube and get to our favourite websites on all types of devices – workstations with 27-inch displays, laptops, mobile phones, tablets and even e-readers that offer browsing capabilities. Sadly, that protocol has not been changed since 1999 when version 1.1 was released so, when HTTP/2 was released earlier this year, it was a source of major excitement. Of course, the SiteGround team has immediately started working on it and we are now happy to announce that all our shared and cloud servers support HTTP/2.
Why HTTP needed an update?
Modern websites/apps make hundreds of HTTP requests and HTTP 1.1 is not well designed for the performance needs of the modern web and the constantly growing requirements of the users. During the last 16 years many new technologies emerged and web developers got really creative in terms of going around and jumping over the limitations of HTTP 1.1. However, it was time for the protocol itself to change and introduce some new features that will speed up all sites on the Internet.
What’s new in HTTP/2?
HTTP/2 is based on SPDY and is focused on performance improvements. It offers the following enhancements:
Multiplexing For Faster Data Transfer
Modern websites/apps require the web browsers to make many request to render a web page. In the beginning HTTP/1.0 allowed only one request to be made via a single TCP connection. With HTTP/1.1 this was addressed so browsers can make multiple requests to load many resources simultaneously. Unfortunately, another problem called head-of-line blocking was not resolved.
When HTTP/1.1 is used the requests flow is usually the following: the browser sends a request and needs to wait for the response of the server in order to send the next request. Modern websites have over 100 objects and even when browsers use multiple connections this way of handling requests can add up a lot of time because of head-of-line blocking.
The solution introduced in HTTP/2 is called multiplexing. It gives us a simple way to request and receive multiple web objects at a time through a single connection. It is the solution for the head-of-line blocking problem. HTTP/2 resolves this problem by using frames. Every frame contains meta information about requests/responses which allows one connection to be used for simultaneous delivery without causing confusion about which response is associated with which request. Here is an example how HTTP/2 handles the same three requests that we showed in the previous diagram:
As you can see from the second diagram when HTTP/2 is used the user sends multiple requests and can receive them in whatever order. Thus, pages load faster. For example, the server needed more time to handle the second request but the delivery of the third object was not blocked.
Compression Of Headers For Transferring Less Data
The second big improvement added by HTTP/2 is related to HTTP headers. Clients use headers to inform servers what information is needed and in what format the information could be delivered to them. For example, a web browser usually sends headers to inform the servers that it supports gzip compressed data. Cookies are also communicated via headers and the size of some cookies can get really big.
The problem is headers do not change much between requests. Also, with HTTP/1.1 headers have to be provided for every single request, which of course is pointless when headers do not change. Now HTTP/2 not only sends headers per connection, but it also offers compression. This means that an average web page that contains ~80-90 objects can now be loaded much faster because the web browser will need just one round trip to send all of the headers for all of the objects.
Prioritization For Proper Page Rendering
The third problem which HTTP/2 solves is caused by multiplexing and headers compression. Some objects are more important than others. For example, the CSS objects for a site should be delivered in the beginning, so that the site could be properly displayed. If multiplexing is used you cannot be sure that the CSS will be delivered before the rest of the objects.
The designers of the protocol, decided to address this issue in the protocol itself. Clients are able to communicate with the server and indicate priorities for certain objects and this way the web servers can make decisions about which objects should be delivered first to the clients. Since the protocol itself supports prioritization this means that web developers should not worry about changes that need to be made to their apps. The modern web browsers will take care of prioritization and handling of data streams in HTTP/2.
HTTP/2 Needs SSL/TLS
All web server implementations support HTTP/2 when it is used over an encrypted connection. This means you need an SSL for your website in order to take advantage of HTTP/2.
You can find more about HTTP/2 here: https://http2.github.io/faq/
Is HTTP/2 already in use?
HTTP/2 is already alive and you have probably already using it on your end if you’re using a modern browser such as all of the latest versions of Chrome, Firefox, Opera and Edge support HTTP/2.
Now all SiteGround shared/cloud servers support HTTP/2. Please note that clients that have private SSL certificates (see above: encryption is a must when HTTP/2 is used) can immediately take advantage of the new cool performance optimizations offered by HTTP/2.
Comments ( 93 )
Thanks! Your comment will be held for moderation and will be shortly published, if it is related to this blog article. Comments for support inquiries or issues will not be published, if you have such please report it through
Jeffrey
Do we need to do something to our documents to take advantage of this or is it on the server side?
Daniel Kanchev Siteground Team
No actions are required on your end. If your site uses a private SSL certificate then you don't need to do anything.
CJ
Great explanation of what HTTP/2 is capable of, thanks. The speed enhancements overall are actually something to look forward to. I'm off to ask our host about this and whether we will/already have it.
Josh
Thanks for the article. You say: "This means you need an SSL for your website in order to take advantage of HTTP/2." So, does this mean we need to do something for our sites? Or your update handles it?
Daniel Kanchev Siteground Team
If you already have a private SSL certificate you don't need to do anything on your end. If you want to take advantage of HTTP/2 and you don't have a certificate you can order one at: https://www.siteground.com/ssl_certificates.htm
Sheila Bergman
Thank you for the explanation of http/2. Can you provide a link to SiteGround's documentation of how to implement it on our websites?
Daniel Kanchev Siteground Team
You don't need to do anything on your end - the web server (Nginx) and the clients' browsers will do the magic for you. The only requirement is for you to have a private SSL certificate installed on your account.
Badan
"The only requirement is for you to have a private SSL certificate installed on your account." I have a SSL certificate installed on one domaine only on my account. So this means that the others domains will not work on HTTP/2 ?
Daniel Kanchev Siteground Team
Yes, that is correct. The only domain name which will work over HTTP/2 will be the one that uses a private SSL.
Rishi
So glad to see HTTP/2 implemented in shared environments! Way to go, SiteGround!
Aaron
This is great to hear, but I have a question. Do we get any performance if we are using Cloudflare?
Daniel Kanchev Siteground Team
According to this blog post by Cloudflare they are still testing HTTP/2 on their servers and right now it is still not publicly available. However, I am sure that soon they will have it available for all of their clients.
Kenny
Fantastic, this is great news. Will do blog post and let everyone that visits know.
Martijn
Will http2 with SSL be faster than http without SSL? And can it be a 3rd party SSL EV Cert?
Daniel Kanchev Siteground Team
There is no problem for our team to install a 3rd party EV SSL for you and it will work just fine with HTTP/2. As for your other question, HTTP/2 is faster than HTTP/1.1.
Gaetano
Where can I check if my site has an SSL certificate? Thank you
Hristo Pandjarov Siteground Team
You can use one of the many checkers online: https://www.sslshopper.com/ssl-checker.html
Gaetano
Thanks I found alone. My GrowBig plan includes one year of SSL Certificate. It is true?
Daniel Kanchev Siteground Team
That is correct - a single shared hosting account can use only one SSL certificate.
Raphael Franchi
Great news to hear! I've subscribed a GoGeek plan with Siteground, what I have to do to take advantage of HTTP/2 on all my websites?
Daniel Kanchev Siteground Team
I am afraid that at this stage every shared hosting account (GoGeek, StartUp and GrowBig) can use only one SSL certificate. Thus, if you want all of your sites to use HTTP/2 then this means that for every site you need to get a separate hosting account with a private SSL certificate for the domain name in question. The other option is to get a cloud server and create separate cPanel accounts for all sites on the cloud server.
Joe Capone
How do we enable this in cpanel?
Daniel Kanchev Siteground Team
HTTP/2 is enabled by default and you don't have to do anything on your end. If your site uses a private SSL certificate then it also uses HTTP/2.
John Warden
eMail security issue, will the new upgrade stop the warnings about the siteground security certificate. I have 3 different shared accounts and this warning is totally embarrassing to explain to our clients. If this isn't going to fix the wildcard issue.. WHEN??? The Hosting is great... the Support is GREAT...The email is NOT.
Daniel Kanchev Siteground Team
HTTP/2 has nothing to do with the setup of our email servers. We do support SMTP over SSL/TLS and IMAP/POP3 over SSL/TLS. If you have more questions about the exact SSL/TLS setup of our servers please open a support ticket via your SiteGround.com User Area.
opomarski
I have grow big account. I understand the SSL cert is only useful for one domain. If I install on one domain is it possible to switch it to another domain later? Once installed, do I need to do anything to notify users or will they automatically be switched to https on access?
Daniel Kanchev Siteground Team
The GrowBig plan allows you to get a free SSL for one domain name for 1 year. After that the SSL upgrade becomes paid. I am afraid that once you get the free SSL you cannot change it to be valid for another domain name. Please post a support ticket for more information.
Clive
I understand that I would need a SSL cert per domain - can you confirm that any WP installs need to be fully SSL compliant also? That is, there are some themes/plugins that don't play so well when going via https... thanks
Daniel Kanchev Siteground Team
Clive, my personal recommendation is to reconfigure your whole site to use HTTPS. If for some strange reason your WP theme does not support HTTPS then you should contact the developers of the template and ask for assistance. As you probably know last year Google decided to add another metric to their ranking algorithms and this is page encryption: http://googlewebmastercentral.blogspot.bg/2014/08/https-as-ranking-signal.html Thus, my advice for you if you have a private SSL is to configure your site to work entirely via HTTPS. If this is not possible then you'll be able to use HTTP/2 only for some parts of your site (the ones that work via HTTPS).
Lorenzo
Hi, http/2 protocol will be available for dedicated servers soon? Thanks
Daniel Kanchev Siteground Team
By default we use Apache on our dedicated servers and our version of Apache does not support HTTP/2. HTTP/2 is enabled by default if you order the SuperCacher performance booster upgrade for your dedicated server. The booster upgrade will install Nginx on your dedicated server and HTTP/2 will be enabled by default. For more details please post a support ticket.
Steve Maughan
I have a certificate for one of my sites. How can I check to see if it's using HTTP/2? - Steve
Daniel Kanchev Siteground Team
Steve, you can use one of the following plugins for Firefox or Chrome to check your site: Firefox Plugin Chrome plugin
Patricia Lawson
Daniel, this was an excellent article. And all of my questions were answered by reading the comments that you have thoughtfully answered. Thank you.
Wouter
I read that it is possible to have multiple domains on the same IP address using an SSL certificate using Server Name Indication (SNI). That would make it possible to have HTTP/2 for all sites on a gogeek account. Is this something that will be possible in the (near) future?
Daniel Kanchev Siteground Team
You are right, Wouter. SNI is something that allows multiple certificates to be installed on one IP address and we'll offer it soon. Stay tuned for more good news :)
Ali
I really hope this becomes a reality ASAP, otherwise I'll have to leave Siteground despite all the other great features.
barryvan
What's the possibility of getting a cert from, say, https://letsencrypt.org/ to get the benefits of HTTP/2?
Daniel Kanchev Siteground Team
We are considering using SNI + letsencrypt.org in order to allow people to install multiple certificates on one hosting account. I hope that soon we'll be able to do this on our shared servers. Unfortunately, until then you need a private SSL certificate issued by a vendor in order to take advantage of HTTP/2.
Wouter
That's good news! Will we be able to install the certificates ourselves? And will you support automatic renewals? I read the letsencrypt certificates are valid for 60 days.
Hristo Pandjarov Siteground Team
I am afraid we're a bit too early in the development process to tell you that with certainty but keep an eye on the blog, we will definitelly post about this :)
Mitchoo
Someone told me that Varnish (SuperCacher) cannot cache https? How is SuperCacher going to work with HTTP/2?
Daniel Kanchev Siteground Team
Our SuperCacher is no longer based on Varnish. We have removed Varnish from our servers and upgraded to Nginx which supports HTTP/2 and also offers caching for pages requested over HTTPS.
William
Hi! Will getting a personal SSL certificate switch current http protocol to https one afterwards? And what about site SEO, will rankings be effected after switching from http to https? Is higher site performance worth worse site rankings and traffic positions?
Hristo Pandjarov Siteground Team
Having an SSL just allows you to switch over https. Whether you will do it or not is up to you. As to yourother question, the SSL certificate should have positive effect on your SEO because it's one of the thousands things google check in their ranking algorytm.
David
You use .htaccess redirects or HSTS to switch to https. It could be better for your rankings, since Google uses this as a signal now. With SPDY and now HTTP/2, it's definitely better for speed. You can also use Cloudflare rules to foce https, but Cloudflare doesn't support HTTP/2 yet.
Brent Norris
well done, thanks for sharing the insights. A definite feature for some of my clients, right now. Thanks!
David
Just signed up for the wildcard SSL try this out. (easy process, btw, thanks!) I found this great site to test whether or not HTTP/2 is activated: https://tools.keycdn.com/http2-test Everyone here is now in rare company now that SiteGround did this. Awesome! Thanks for keeping our sites state of the art, SiteGround! This is really what I like SG for. However... checking activated URL at https://spdycheck.org says: "SPDY Protocol Not Enabled! Seriously? This SSL/TLS server is using the NPN Entension to tell browsers it supports alternative protocols, but SPDY is not a protocol it supports. The server is not making SPDY an option. Since all the pieces are in place, hopefully it will be easy to enable SPDY support with this server." It seems to be poking fun at us for having all of the SPDY components and other advanced tech, but not also activating good ol' spdy. Can we fix this in some way?
Daniel Kanchev Siteground Team
Hi David and thanks for the kind words :) The spdycheck.org site probably checks only for SPDY and not for HTTP/2. Since HTTP/2 is more mature than SPDY I think that you can safely disregard the warnings displayed by spdycheck.org.
Thomas Herold
Do you have done any benchmarks on how much speed increase is possible with a WordPress website? I understand that it depends on the amount of connections e.g.images, scripts etc. But maybe a ballpark number...
Hristo Pandjarov Siteground Team
Pingdom, GTMetrix, there are a lot of free services for this out there.
Thomas Herold
I am referring to your hosting company and not to other services. In order to test it I have to buy a SSL certificate first. So, again the question in plain English: Have you done some testing on websites hosted with your company?
Hristo Pandjarov Siteground Team
We constantly perform such tests in-house. However, there are way too many variables in those and haven't "packed" those tests in a presentable way. In addition, we provide free SSL certificates with our GoGeek accounts but if it's just for the test, you can always use a self-signed one. The impact on the loading speeds is the same, no matter if the certificate is signed by a thrusted authority or not.
Robert Campbell
Multiple certs on the same IP has been possible for over a decade. I use to do it in the early 2000 on servers in my basement.
Hristo Pandjarov Siteground Team
It's a cPanel limitation basically.
Dave
Yeah, Cpanel is sort of cranky, isn't it. I'm amazed, though, how you guys have been able to hack modernity into it. I believe you're probably the most advanced Cpanel based host out there. You could use that in your ads, maybe... let people know they can take any Cpanel site, import it to SG, and really make it fly :)
Hristo Pandjarov Siteground Team
Yep, it has a lot of great functionality but a handfull of limitations too and we can't hack around everything :(
Luis Silva
Hello Daniel , Thats great news ! Please let me know if SNI is already available for shared hosting , like goGeek for example. Actually it seems it is something it can be donne quite fast . https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI Thanks
Daniel Kanchev Siteground Team
Hi Luis and thanks for your comment! We are considering using SNI + letsencrypt.org in order to allow people to install multiple certificates on one hosting account. I hope that soon we'll be able to do this on our shared servers. The technical implementation is the easy part. However, before we officially add SNI support we would like to perform extensive tests to make sure that everything will work as expected.
Luis Silva
Hello Daniel, That really good news ! Letsencrypt.org also involved in, great ! Have you give it a try already on lets encrypt ? What do you think about it ? Congrats and best Regards,
Martin
Hey, great news. Question: you offer HTTP/2 with Nginx or with Apache webserver ? Best, Martin
Daniel Kanchev Siteground Team
We use a combination of Nginx + Apache but HTTP/2 is supported through the Nginx web server.
Martin
Hey Daniel, ok ... thy, but ... ... another question: reading the Nginx docu, HTTP/2 is only supported for Nginx >= 1.9.5 (mainline / experimental) Version. So, you run a "backportet HTTP/2 on Nginx 1.8.x", or a "unstable Nginx 1.9.x" ? :) Best, Martin
Daniel Kanchev Siteground Team
We use a custom Nginx version which has been compiled by our colleagues from the DevOps department. The custom version is a stable release of the popular web server and it offers HTTP/2 support. We release new versions of our own Nginx when new features are added to the official Nginx releases.
Patricia BT
Hello Daniel and thank you very much for this feature, this article and all your replies. I have a SSL certificate (provided by GlobalSign via Siteground) for one of my main domains on my Cloud server (I believe it's included also after 1 year), and for this I understand I don't have to do anything (except to make my default WP url https now), and it's already supported. Now I have a question about all the other domains which are pointing there. Some have their own cPanel accounts, and some are addons or parked domains on top of them. And it's constantly changing as I add a domain when I get a new client on my WP Multisite. In one of your replies, you mention you will offer soon possibility of SNI with letsencrypt certificates. Q1 : Am I right that it's now available? I can see "Needs SNI?" under Manage SSL in cPanel. I see Letsencrypt opened to public beta on Dec 3 2015, and I see Siteground on their major sponsors! (congrats and thx btw) https://letsencrypt.org/2015/12/03/entering-public-beta.html Q2 : And can I add multiple domains for all my addons/parked domains, in all the cPanel accounts (not only main) ? and how? Q3 : And should I replace the one provided by GlobalSign, for my main domain by one also from Letsencrypt in order to have them all SNI? Maybe that's too many questions and I should open a support ticket? but I thought other readers might be interested to read this. Thank you very much in advance Patricia
Daniel Kanchev Siteground Team
Hi Patricia and thank you for all the questions! For now you should keep the GlobalSign SSL certificate. We are still working on the LetsEncrypt implementation for cPanel. Once it is ready you'll be able to use a tool which will allow you to setup new SSL certificates directly from the cPanel. This means that currently you cannot take advantage of HTTP/2 for all of your domains. However, this will change once we finalize the SNI + LetsEncrypt implementation. There will be probably a new blog post once this is done. Thanks for your patience!
Patricia BT
Thank you very much for your detailed reply, Daniel. Looking forward to that feature :)
Jeff
How would a website render if the the browser doesn't support HTTP/2? Would there be an issues? See Can I Use http://caniuse.com/#feat=http2 What would happen on let's say IE10, which it says that it is not supported?
Hristo Pandjarov Siteground Team
Well, if the browser does not support it, it won't be able to load the page.
Vance
Are you sure it doesn't fall back to HTTP/1.1 or SPDY in your environment?
Daniel Kanchev Siteground Team
During the first request the browser and the server will exchange information about which version of HTTP is supported by both and then the site will be loaded. This means that if your browser supports only HTTP 1.1 then the site will be loaded via 1.1.
Jelle
Hi Hristo, I am so glad you guys are working on allowing multiple ssl installations for the Gogeek plan. Otherwise I had to move away from Siteground (which I rather not do)...
Hristo Pandjarov Siteground Team
Yes, there's been a demand for this feature and we'll do our best to make it available right after the New Year :)
Brian Best
Do you have an ETA on this. Some of my clients are requesting this and some sites I'm holding off from migrating from UKWSD into my GoGeek account due to the 1 ssl cert limit per account.
Brian Best
Also as a side note, i was getting my head around the 1 ssl cert per account on GoGeek with your support team and pre sales team this morning and no-one mentioned that it was being worked on and to sit tight.
Hristo Pandjarov Siteground Team
Both are part of a single project that I really hope we will complete in less than a month...fingers crossed here because it requires tons of testing and hard ETA is difficult to give.
Will
Hello Hristo, I have 2 GoGeek accounts with SiteGround and it is my desire to be able to upgrade all the websites on the hosting with LetsEncrypt. I believe it is the right thing to do for my customers and it could give me a competitive advantage through 2016. I look forward to more news from you and your team. A happy SiteGround customer.
Hristo Pandjarov Siteground Team
Thanks for the kind words! We definitelly have tons of new stuff prepared and I hope we will soon have good news :)
tahlyn
once the SNI + LetsEncrypt integration happens, will you still need a dedicated IP on your account? I think right now, it's a $30 setup fee for a 3rd party SSL cert, a $30 setup fee for a dedicated IP, plus the yearly cost of the dedicated IP. I'm assuming since LetsEncrypt is a 3rd party cert, there will still be a setup fee? If so, if you have multiple LetsEncrypt SSLs that you want on the same account, will there just be one setup fee or will there be a separate setup fee for each cert? I'm looking forward to the SNI + LetsEncrypt integration happening soon.
Hristo Pandjarov Siteground Team
No, LetsEncryp will be completely free of charge and you will not need a dedicated IP address to use those certificate. Dedicated IP addressess will remain requirement only for the regular SSL certificates that we provide to our customers.
Gregg Davis
Thanks for the clarification Hristo - Having just upgraded to a Cloud account, I have a question about the dedicated IP fro SSL and HTTP/2. As I set up client websites on my cloud account, each with their own cpanel, will I need to purchase a dedicated IP (and the private certificate) to provide HTTP/2 for each of them?
Daniel Kanchev Siteground Team
Hello Gregg and thank you for the excellent question! Once we are done with the implementation of Let's Encrypt our systems will also become fully SNI compliant. This means that you'll be able to install more than one SSL per IP address. For more information about SNI check the following Wikipedia article: https://en.wikipedia.org/wiki/Server_Name_Indication
Henry
Is HTTP/2 available with Let's Encript? I see it's available on KeyCDN using Let's Encript. Very exciting technology.
Marina Yordanova Siteground Team
Hello Henry, once you install Let’s Encrypt, the visitors who access your website through https and use a modern browser that supports HTTP/2 will receive your content served through faster HTTP/2 protocol.
Fabio
Why in shared hosting the Server Push does not work? http2 is ok, but without the capability of push files. so are you going to enable or not in the future?
Hristo Pandjarov Siteground Team
Not at this point since it has potential to cause a lot of issues applied on a larger scale. Inlining resources or using rel=preload will get you the same results without the risks.
Franklin
Thanks for posting this Fabio! Spent the past 2-3 hours trying to figure out why http/2 "push" wasn't working. It only goes as far as preloading the files for http2. Wish it was documented on what is, and isn't, available for h2 on siteground. Hristo, instead of spending several more hours debugging push, could you please let us know if push will work if we use Cloudflare? There isn't much on this topic and I'm only wanting to push the core stylesheet and jQuery file so the "First Contentful Paint" has an improvement. PS: Sites are much faster on SiteGround and its great preload is available. It would be nice to try and leverage and test h2 push for better results in page speed testing.
Hristo Pandjarov Siteground Team
You can use the rel="preload" for this. We don't plan adding push at this point.
Hristo Pandjarov Siteground Team
It is not part of our roadmap for the moment.
David
https://www.siteground.com/kb/will-http2-work-once-a-domain-gets-lets-encrypt/ So we dont have to have a private SSL anymore, the free lets encrypt will work for http2?
Gabriela Andonova Siteground Team
Thanks for the question, David. Yes, Let's Encrypt SSL certificates can be used to enable HTTP/2 protocol on your website. In fact, Let's Encrypt SSL certificates are designed to work seamlessly with HTTP/2, and they are also included with all our plans. Find out how to install and manage them in this tutorial.
Greg
I recently heard that if your hosting is using HTTP/2 then we do not need to combine CSS or JS files. In your SG Optimizer plugin there are toggles for each of those settings. Does SiteGround still Recommend turning on those toggles to Combine CSS/JS files even though HTTP/2 is active on the Hosting?
Gabriela Andonova Siteground Team
Thank you for this question, Greg. Combining CSS and JavaScript files can improve website performance, even with HTTP/2. The combination of CSS and JavaScript files reduces the number of requests to the server, reducing your website's load time. Additionally, it can reduce your website's file size, resulting in faster loading times and a better user experience. So it’s definitely recommended to use our SG Optimizer plugin to combine CSS and JavaScript files. You can read more about the plugin and its functionalities here.
Start discussion
Thanks! Your comment will be held for moderation and will be shortly published, if it is related to this blog article. Comments for support inquiries or issues will not be published, if you have such please report it through