HTTP/2 vs HTTP/3: Key Differences Explained

HTTP/2 vs HTTP/3: What Changed and Why

HTTP/2 and HTTP/3 represent two generations of the same evolution: making the web faster and more efficient. While they share the same semantics (headers, methods, status codes), they differ fundamentally in how data is transported.

Transport Layer: TCP vs QUIC

HTTP/2 runs on TCP, the same reliable transport protocol used since the early internet. TCP guarantees in-order delivery of bytes, which is both its strength and its weakness for multiplexed protocols.

HTTP/3 runs on QUIC, a new transport protocol built on top of UDP. QUIC provides its own reliability, congestion control, and encryption — essentially replacing both TCP and TLS as separate layers.

HTTP/2 stack:          HTTP/3 stack:
┌───────────┐      ┌───────────┐
│  HTTP/2   │      │  HTTP/3   │
├───────────┤      ├───────────┤
│  TLS 1.2+ │      │  QUIC     │
├───────────┤      │ (TLS 1.3) │
│   TCP     │      ├───────────┤
└───────────┘      │   UDP     │
                   └───────────┘

Head-of-Line Blocking

The most impactful difference is how each protocol handles packet loss. In HTTP/2, a single lost TCP packet blocks all streams because TCP delivers bytes in order. In HTTP/3, QUIC streams are independent — a lost packet on stream A does not block streams B, C, or D.

Connection Setup

HTTP/2 requires a TCP handshake (1 RTT) plus a TLS handshake (1-2 RTT). HTTP/3 combines transport and crypto into QUIC, achieving 1-RTT connections on first visit and 0-RTT on subsequent visits.

Header Compression

HTTP/2 uses HPACK, which maintains a shared dynamic table. HTTP/3 uses QPACK, which is redesigned to work correctly even when packets arrive out of order (a necessity since QUIC does not guarantee in-order delivery across streams).