Skip to main content

RFC 9113 - HTTP/2

Published: June 2022
Status: Standards Track
Authors: M. Thomson (Mozilla), C. Benfield (Apple Inc.)
Obsoletes: RFC 7540, RFC 8740

Abstract

This specification describes an optimized expression of the semantics of the Hypertext Transfer Protocol (HTTP), referred to as HTTP version 2 (HTTP/2). HTTP/2 enables a more efficient use of network resources and a reduced latency by introducing field compression and allowing multiple concurrent exchanges on the same connection.

This document obsoletes RFCs 7540 and 8740.

Table of Contents

  • 1. Introduction
  • 2. HTTP/2 Protocol Overview
    • 2.1 Document Organization
    • 2.2 Conventions and Terminology
  • 3. Starting HTTP/2
    • 3.1 HTTP/2 Version Identification
    • 3.2 Starting HTTP/2 for "https" URIs
    • 3.3 Starting HTTP/2 with Prior Knowledge
    • 3.4 HTTP/2 Connection Preface
  • 4. HTTP Frames
    • 4.1 Frame Format
    • 4.2 Frame Size
    • 4.3 Field Section Compression and Decompression
  • 5. Streams and Multiplexing
    • 5.1 Stream States
    • 5.2 Flow Control
    • 5.3 Prioritization
    • 5.4 Error Handling
    • 5.5 Extending HTTP/2
  • 6. Frame Definitions
    • 6.1 DATA
    • 6.2 HEADERS
    • 6.3 PRIORITY
    • 6.4 RST_STREAM
    • 6.5 SETTINGS
    • 6.6 PUSH_PROMISE
    • 6.7 PING
    • 6.8 GOAWAY
    • 6.9 WINDOW_UPDATE
    • 6.10 CONTINUATION
  • 7. Error Codes
  • 8. Expressing HTTP Semantics in HTTP/2
    • 8.1 HTTP Message Framing
    • 8.2 HTTP Fields
    • 8.3 HTTP Control Data
    • 8.4 Server Push
    • 8.5 The CONNECT Method
    • 8.6 The Upgrade Header Field
    • 8.7 Request Reliability
    • 8.8 Examples
  • 9. HTTP/2 Connections
    • 9.1 Connection Management
    • 9.2 Use of TLS Features
  • 10. Security Considerations
    • 10.1 Server Authority
    • 10.2 Cross-Protocol Attacks
    • 10.3 Intermediary Encapsulation Attacks
    • 10.4 Cacheability of Pushed Responses
    • 10.5 Denial-of-Service Considerations
    • 10.6 Use of Compression
    • 10.7 Use of Padding
    • 10.8 Privacy Considerations
    • 10.9 Remote Timing Attacks
  • 11. IANA Considerations
    • 11.1 HTTP2-Settings Header Field Registration
    • 11.2 The h2c Upgrade Token
  • 12. References
    • 12.1 Normative References
    • 12.2 Informative References

Appendices

Last updated on