HTTP/2 is a major revision of the Hypertext Transfer Protocol, standardized by the IETF in RFC 7540 and updated in RFC 9113. It evolved from Google's SPDY project and replaces HTTP/1.1's text framing with binary frames, multiplexing, and header compression.

Which browsers support HTTP/2?

Chrome 41+, Edge 12+, Firefox 36+, Safari 11+ on macOS, Safari 9+ on iOS and iPadOS, Opera 28+, Samsung Internet 4+, and Android Browser 147+ support HTTP/2 by default. Opera Mini and Internet Explorer 10 and earlier never added support.

Does HTTP/2 require HTTPS?

The HTTP/2 spec does not require encryption, but every major browser only negotiates HTTP/2 over TLS. A site needs an HTTPS certificate before Chrome, Edge, Firefox, or Safari will switch from HTTP/1.1 to HTTP/2.

Is HTTP/2 backward compatible with HTTP/1.1?

Yes. HTTP/2 keeps the same methods, status codes, URIs, and header fields as HTTP/1.1, so existing web applications work without code changes. Browsers that cannot speak HTTP/2 fall back to HTTP/1.1 automatically through ALPN negotiation.

Is HTTP/2 server push still supported?

No. Chrome disabled HTTP/2 server push by default starting in Chrome 106 and removed it from Blink in later releases. Mozilla removed HTTP/2 server push from Firefox starting in Firefox 132. Sites should use rel="preload" links and the 103 Early Hints status code instead.

What is the difference between HTTP/2 and HTTP/1.1?

HTTP/1.1 sends plain-text messages over multiple parallel TCP connections and never compresses headers. HTTP/2 sends binary frames over a single multiplexed TCP connection, compresses headers with HPACK, and removes the head-of-line blocking that hurt HTTP/1.1.

What is the difference between HTTP/2 and HTTP/3?

HTTP/2 runs on TCP, so a single lost packet stalls every stream on the connection. HTTP/3 runs on QUIC over UDP, so a lost packet only stalls the stream it belongs to. HTTP/3 also makes TLS 1.3 mandatory and lets a connection survive a Wi-Fi to cellular handoff.

How do I check if my browser is using HTTP/2?

Open DevTools Network panel, right click the column headers, enable the Protocol column, and reload. Resources served over HTTP/2 list h2 in that column. The PerformanceResourceTiming API also exposes nextHopProtocol with the value h2.

What is HTTP/2 Rapid Reset?

HTTP/2 Rapid Reset is a denial-of-service vulnerability tracked as CVE-2023-44487. Attackers open many streams over a single HTTP/2 connection and cancel each one, forcing servers to spend CPU on requests that never complete. The fix is a server-side patch.

Home
/
Learning Hub
/
HTTP/2: Browser Support, Features, Known Issues

Testing

HTTP/2: Browser Support, Features, Known Issues

HTTP/2 works in Chrome 41+, Edge 12+, Firefox 36+, Safari 11+ on macOS, Safari 9+ on iOS, Opera 28+, and Samsung Internet 4+. Learn HTTP/2 browser support and quirks.

Prince Dewani

May 1, 2026

On This Page

About HTTP/2
Browser Support
Key Features
vs HTTP/1.1
Check Support
Known Issues
Citations

HTTP/2 is a major revision of the Hypertext Transfer Protocol, standardized by the IETF as RFC 7540 and updated as RFC 9113. It supports Chrome 41+, Edge 12+, Firefox 36+, Safari 11+ on macOS and Safari 9+ on iOS, Opera 28+, Samsung Internet 4+, and Android Browser 147+, while Opera Mini and Internet Explorer 10 and earlier never added support.

This guide covers what HTTP/2 is, the browsers that support it, the protocol's key features, how it differs from HTTP/1.1, how to check if a browser is using HTTP/2, and the known issues to plan around.

What is HTTP/2?

HTTP/2 is a major revision of the Hypertext Transfer Protocol that the IETF HTTP Working Group standardized in RFC 7540 and updated in RFC 9113. It evolved from Google's experimental SPDY project and replaces HTTP/1.1's plain-text framing with a binary protocol that adds multiplexing, header compression with HPACK, and stream prioritization. The protocol keeps the same methods, status codes, URIs, and header fields as HTTP/1.1, so existing web applications work without code changes.

Which browsers does HTTP/2 support?

All major browsers support HTTP/2 by default, but only over TLS. Chrome 41, Edge 12, Firefox 36, Safari 11 on macOS, Safari 9 on iOS, Opera 28, Samsung Internet 4, and Android Browser 147 enable HTTP/2 out of the box, while Opera Mini and Internet Explorer 10 and earlier never added support.

Loading browser compatibility data...

HTTP/2 compatibility in Chrome

Chrome supports HTTP/2 by default from Chrome 41 on Windows, macOS, Linux, ChromeOS, and Android. Chrome 4 to 40 used the SPDY predecessor and did not support HTTP/2. The browser only negotiates HTTP/2 over TLS, so HTTP/2 is automatic on every HTTPS site whose server advertises it through ALPN.

HTTP/2 compatibility in Edge

Microsoft Edge supports HTTP/2 by default from Edge 12 on Windows 10 and later. Every Edge release, including the legacy EdgeHTML versions and the modern Chromium-based releases, ships with HTTP/2 enabled. Like Chrome, Edge only negotiates HTTP/2 over HTTPS connections.

HTTP/2 compatibility in Firefox

Firefox supports HTTP/2 by default from Firefox 36 on Windows, macOS, Linux, and Android. Firefox 35 and earlier did not support the protocol. Mozilla removed HTTP/2 server push from Firefox starting in Firefox 132 because most sites moved to preload links and 103 Early Hints. The Necko networking library handles HTTP/2 negotiation in C++.

HTTP/2 compatibility in Safari

Safari supports HTTP/2 by default from Safari 11 on macOS and from Safari 9 on iOS and iPadOS. Safari 9.1 to 10.1 on macOS shipped a partial implementation that handled most flows, and Safari 8 and earlier did not support HTTP/2. WebKit handles HTTP/2 in the network stack, so apps that use WKWebView inherit the same behavior.

HTTP/2 compatibility in Opera

Opera supports HTTP/2 by default from Opera 28 on desktop and from Opera Mobile 80 on Android. Opera Mini does not support HTTP/2 because the browser routes traffic through Opera's compression proxy, which still terminates connections as HTTP/1.1.

HTTP/2 compatibility in Samsung Internet

Samsung Internet supports HTTP/2 by default from Samsung Internet 4 on Galaxy phones and tablets. Every modern Samsung Internet release inherits the Chromium HTTP/2 stack, so the negotiation behavior matches Chrome on Android.

HTTP/2 compatibility in Android Browser

Chrome for Android supports HTTP/2 by default from Chrome 41 on Android 4.1 and later, and the modern stock Android Browser ships HTTP/2 from version 147. Earlier AOSP browsers did not support HTTP/2. Android WebView inherits the Chromium HTTP/2 implementation.

HTTP/2 compatibility in Internet Explorer

Internet Explorer 11 supports HTTP/2 only on Windows 10 and Windows 8.1, and the implementation is partial. Internet Explorer 10 and earlier never added HTTP/2 support, and Microsoft has retired Internet Explorer 11. Sites that still receive IE 11 visits automatically fall back to HTTP/1.1.

What are the key features of HTTP/2?

HTTP/2 keeps every HTTP/1.1 verb and header but rewires how the protocol moves bytes on the wire. Five features carry most of the performance win.

Binary framing: HTTP/2 sends every message as a binary frame with a fixed header. Binary parses faster than text, removes whitespace and capitalization edge cases, and uses a single parsing path instead of HTTP/1.1's four.
Stream multiplexing: A single TCP connection carries many independent streams. The browser can send dozens of requests in parallel without opening a new socket per resource, which removes HTTP/1.1's head-of-line blocking at the request level.
HPACK header compression: HTTP/2 compresses request and response headers with HPACK, defined in RFC 7541. HPACK uses a fixed Huffman code and a dynamic table, so repeated headers like cookies and user agents shrink to a few bytes per request.
Stream prioritization: Clients tag each stream with a weight and dependency. Servers use the priority tree to send critical CSS and above-the-fold images before low-priority assets like footers and analytics scripts.
Server push: The protocol allows a server to push resources before the client asks. Browser support for server push has been removed in practice, with Chrome and Firefox shipping their respective deprecations, so the feature is no longer a deployment target.

HTTP/2 vs HTTP/1.1

HTTP/2 keeps the same request, response, and header model as HTTP/1.1 but rewires the transport. The table below compares the two on the dimensions that change real performance and shipping decisions.

Dimension	HTTP/1.1	HTTP/2
Message format	Plain text	Binary frames
Connections per origin	6 to 8 parallel TCP connections	One multiplexed TCP connection
Multiplexing	Sequential requests, head-of-line blocking	Many streams in flight at once
Header compression	None	HPACK with Huffman codes
Stream priority	Not defined in the protocol	Weight and dependency tree per stream
Server push	Not supported	Defined in spec, removed by browsers in practice
Encryption	Optional	Required by every browser implementation
RFC	RFC 9112	RFC 9113

Note: HTTP/2 negotiation breaks across browsers, networks, and proxies. Test it on real browsers and OS with TestMu AI. Try TestMu AI free!

How do you check if a browser is using HTTP/2?

The fastest check is the DevTools Network panel. Right-click the column headers, enable the Protocol column, and reload the page. Resources served over HTTP/2 list h2 in that column. For automated checks across pages, the PerformanceResourceTiming API exposes nextHopProtocol with the same value.

Paste this snippet into any browser DevTools console after the page finishes loading to count how many resources used HTTP/2, HTTP/3, or HTTP/1.1.

// Run in any browser DevTools console after the page finishes loading.
// PerformanceResourceTiming reports the protocol the browser negotiated.

const entries = performance.getEntriesByType("resource");
const counts = { "h2": 0, "h3": 0, "http/1.1": 0, "other": 0 };

for (const entry of entries) {
    const proto = entry.nextHopProtocol;
    if (proto in counts) {
        counts[proto] += 1;
    } else {
        counts.other += 1;
    }
}

console.log("Protocol counts on this page:", counts);
const total = entries.length || 1;
console.log("HTTP/2 share:", ((counts["h2"] / total) * 100).toFixed(1) + "%");
// HTTP/2 reports as "h2" in nextHopProtocol when ALPN selected it.
// HTTP/1.1 reports as "http/1.1", and HTTP/3 reports as "h3".

If every resource reports http/1.1 instead of h2, the server is not advertising HTTP/2 over ALPN, the site is being served over plain HTTP, or a corporate proxy is downgrading the connection. Browsers never speak HTTP/2 in clear text on the open web.

What are the known issues with HTTP/2?

HTTP/2 is mature and ships in every modern browser, but the protocol still has rough edges that affect production traffic. Plan for these before you treat HTTP/2 as a finished problem.

TCP head-of-line blocking: HTTP/2 multiplexes streams over a single TCP socket. A single dropped packet stalls every stream until TCP retransmits it. The HTTP/3 working group cited this as the main reason to move to QUIC over UDP.
Rapid Reset, CVE-2023-44487: Attackers open many HTTP/2 streams and immediately cancel each one, forcing the server to spend CPU on requests that never complete. The fix is a server-side patch, so any HTTP/2 origin still needs an updated stack.
Server push is dead in browsers: Chrome and Firefox have both removed HTTP/2 server push. Sites that built around PUSH_PROMISE frames need to switch to rel="preload" links and the 103 Early Hints status code instead.
HTTPS-only on the open web: The HTTP/2 spec allows clear-text h2c, but no browser supports it. A site without TLS cannot negotiate HTTP/2, which means HTTP/2 only ships where there is a valid certificate.
Internet Explorer fallbacks: Internet Explorer 11 only supports HTTP/2 partially on Windows 10 and Windows 8.1, and earlier IE versions do not support it at all. Sites that still receive IE traffic see those requests fall back to HTTP/1.1.
In my experience: the loudest HTTP/2 production issue is connection coalescing behind shared CDNs. Two domains share an HTTP/2 connection because the certificate covers both, then one domain's GOAWAY tanks the other domain's requests. Always test from a real browser on real network paths, not just curl from a clean lab box.

Citations

All HTTP/2 version numbers and platform notes in this guide come from these primary sources:

IETF RFC 9113 (HTTP/2): datatracker.ietf.org/doc/html/rfc9113
IETF RFC 7540 (HTTP/2 original spec): datatracker.ietf.org/doc/html/rfc7540
IETF RFC 7541 (HPACK header compression): datatracker.ietf.org/doc/html/rfc7541
MDN HTTP/2 Glossary: developer.mozilla.org/en-US/docs/Glossary/HTTP_2
Wikipedia HTTP/2: en.wikipedia.org/wiki/HTTP/2
HTTP/2 official FAQ: http2.github.io/faq
Chrome for Developers, removing HTTP/2 server push: developer.chrome.com/blog/removing-push
Chrome Platform Status, remove HTTP/2 push: chromestatus.com/feature/6302414934114304
Microsoft Learn, HTTP/2 support in Azure Front Door: learn.microsoft.com/en-us/azure/frontdoor/front-door-http2
CISA, HTTP/2 Rapid Reset (CVE-2023-44487): cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
Cloudflare blog, HTTP/2 Rapid Reset deconstruction: blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack

Author

Prince Dewani

Blogs: 8

Prince Dewani is a Community Contributor at TestMu AI, where he manages content strategies around software testing, QA, and test automation. He is certified in Selenium, Cypress, Playwright, Appium, Automation Testing, and KaneAI. Prince has also presented academic research at the international conference PBCON-01. He further specializes in on-page SEO, bridging marketing with core testing technologies. On LinkedIn, he is followed by 4,300+ QA engineers, developers, DevOps experts, tech leaders, and AI-focused practitioners in the global testing community.