Why HTTP/3 Matters: From TCP Roots to QUIC’s Future

Although the HTTP/3 specification is still a draft, the latest Chrome release enables it by default, bringing the protocol to mainstream browsers with roughly 70% market share.

The newest revision aims to make the web more efficient, secure, and lower content‑delivery latency by replacing TCP with the QUIC transport layer, effectively refining HTTP/2.

1. HTTP: Origins

In 1991 Tim Berners‑Lee designed a simple one‑line hypertext exchange protocol (HTTP 0.9) that already relied on TCP, which was then considered a mature, reliable transport.

HTTP 0.9 consisted only of a GET /path request and an HTML response, after which the TCP connection closed.

2. HTTP/1.0 Appears

Subsequent years saw rapid Internet growth, prompting three major enhancements:

Methods (e.g., POST) allowing clients to send data for processing.

Status codes giving clients feedback on request outcomes.

Headers enabling metadata such as content type, encoding, and compression.

These changes made browsers issue multiple requests per page, exposing the latency cost of opening and closing TCP connections.

To reduce this overhead, the Connection: keep‑alive header was introduced, allowing persistent TCP connections across multiple requests.

3. HTTP/1.1 Standardization

HTTP/1.1 fixed inconsistencies of 1.0 and introduced persistent connections and pipelining, which let clients send multiple requests without waiting for each response.

Pipelining, however, still suffered from head‑of‑line blocking because responses had to be sent in request order.

4. SPDY and HTTP/2

Google’s Chrome added support for SPDY, which later evolved into HTTP/2. HTTP/2 multiplexes many requests over a single TCP connection, eliminating head‑of‑line blocking and allowing server push of resources such as CSS.

Despite these gains, TCP’s reliability mechanisms still cause a single lost packet to stall all streams, especially on unreliable mobile networks.

5. HTTP/3 Revolution

Because TCP’s limitations could not be solved at the application layer, a new transport was needed. QUIC, built on UDP, provides connection‑level encryption, 0‑RTT handshakes, and independent streams so that loss in one stream does not block others.

QUIC also supports connection migration, allowing a client to change IP addresses without breaking the session.

6. Remaining Issues with HTTP/3

Network equipment often treats QUIC traffic as generic UDP, making configuration harder. Additionally, 0‑RTT can be vulnerable to replay attacks, so it should be disabled for sensitive applications.

Overall, HTTP/3 represents a significant step forward, but widespread adoption will take time.

Original source: https://scorpil.com/post/the-long-road-to-http3/