Blog Secure Access Service Edge, Security Transformation Improving Web Security User Experience with HTTP/2
May 28 2021

Improving Web Security User Experience with HTTP/2

More than half of websites today support HTTP/2 for an improved user experience as web developers continue to move off HTTP 1.1. That’s for several good reasons. HTTP 1.1 can support six concurrent TLS tunnels with one session each to download web objects in popular web browsers, but HTTP/2 uses multiplexing to support thousands of sessions in one TLS tunnel and download web objects much faster. The benefits of HTTP/2 are speed, fewer TLS tunnels on your network, and an added degree of security that uses a binary format instead of hypertext.

As an example, page load times are typically 3-5x faster with HTTP/2 versus HTTP 1.1. These seconds and milliseconds add up, translating into a better user experience, increased productivity & less chance of users trying to bypass security controls. It’s also core to Netskope delivering on its vision of “security without performance trade-offs.”

Screenshot of Netskope HTTP/2 Test

To provide your users an improved web user experience of HTTP/2, your inline web security controls need to support HTTP/2 and TLS v1.3 or users will be deprecated back to HTTP 1.1, resulting in a less-than-desirable user experience. Plus, as HTTP/3 matures, it will also need TLS v1.3 support. For those adopting direct-to-internet SASE architecture with secure web gateways and cloud-based web proxy controls, you need to validate support for HTTP/2 and TLS v1.3 in the network path from the user through networking and security defenses to the desired website.

The pandemic has created a new normal of remote working with direct-to-internet access as opposed to techniques such as VPN hairpinning and MPLS backhauling SaaS apps, both of which degrade user experience. While app user experience has your attention, make sure web user experience is also optimized and not stuck in the 1990s with HTTP 1.1 as the deprecated default. Don’t assume that both HTTP/2 and TLS v1.3 are supported in solutions. There are several leading web security vendors behind on these standards, and as users and data become the center of new security models, including SASE and Zero Trust, analysts are only now starting to assess vendor support.

Fortunately, Netskope has you covered today. The Netskope Security Cloud supports HTTP/2 for an optimized user web experience and TLS v1.3 with the latest ciphers for strong web and cloud security. Netskope has more than eight years of production experience with inline proxy gateway controls for user traffic, including web, SaaS, Shadow IT, public cloud services, and custom apps in public cloud. 

Remote working is the new normal for users, but the consolidation of networking and security is another new normal where the details make a big difference and performance matters big time!

author image
About the author
Tom Clare is a senior product marketing manager, his focus at Netskope centers on product strategy with marketing experience in web/cloud proxies, data and threat protection, behavior analytics, network traffic analysis, endpoint protection, endpoint detection and response, deception, and firewalls.
Tom Clare is a senior product marketing manager, his focus at Netskope centers on product strategy with marketing experience in web/cloud proxies, data and threat protection, behavior analytics, network traffic analysis, endpoint protection, endpoint detection and response, deception, and firewalls.