HTTP/2 and HTTP/3 for Ecommerce: Why Protocol Version Matters for Conversion
HTTP/1.1 stores are slower, full stop. HTTP/2 fixes head-of-line blocking, multiplexes resources, and compresses headers. HTTP/3 cuts latency on mobile networks. Here's what each does for an ecommerce store.
Most ecommerce store owners have never thought about HTTP version. It's a layer of the stack that's supposed to "just work." But the difference between HTTP/1.1 and HTTP/2 is the difference between a fast store and a slow one — and the difference between HTTP/2 and HTTP/3 matters increasingly on mobile.
A Quick History
- HTTP/1.1 (1997): One request per connection. Multiple connections to load multiple resources. Headers sent as plain text on every request.
- HTTP/2 (2015): Binary protocol. Multiplexes many requests over a single connection. Compresses headers. Server push (rarely used).
- HTTP/3 (2022): Built on QUIC instead of TCP. Faster handshake, better mobile performance, no head-of-line blocking at the transport layer.
What HTTP/2 Fixed
HTTP/1.1's biggest problem is head-of-line blocking. A browser opens 6 connections to your domain. Each connection loads one resource at a time. If one slow image is on connection 3, the next 5 resources queued behind it have to wait. The result: a homepage with 80 resources loads serially in batches of 6.
HTTP/2 multiplexes everything over one connection. The same 80 resources start loading in parallel immediately. For a typical ecommerce homepage with lots of images, scripts, and stylesheets, this is a 30-50% improvement in load time.
What HTTP/3 Fixes
HTTP/2 still has TCP-level head-of-line blocking. If a single packet is lost, every stream on the connection waits for that packet to be retransmitted. On mobile networks with packet loss, this is painful.
HTTP/3 runs on QUIC (UDP-based), which handles streams independently. A lost packet only affects its own stream. The TLS handshake is also faster — 1 round trip instead of 2-3.
For mobile commerce, where 60-80% of ecommerce traffic now lives, HTTP/3 measurably improves perceived performance, especially on flaky networks.
How to Check Your Store's Protocol
The easiest check: open Chrome DevTools, go to the Network tab, right-click the column headers, and enable "Protocol." Refresh your homepage. Each request shows h3, h2, or http/1.1.
For a quick external check, use our HTTP/2 & HTTP/3 Checker. It tests protocol support, HTTPS redirect behavior, HSTS configuration, and TLS version in one scan.
Common Issues by Platform
- Shopify: Serves HTTP/2 and HTTP/3 by default via Cloudflare. No action needed.
- WooCommerce: Depends on your hosting. Many shared hosts still serve HTTP/1.1. Cloudflare in front of WooCommerce instantly upgrades to HTTP/2/3.
- BigCommerce: HTTP/2 and HTTP/3 enabled by default.
- Magento: Depends on your web server (nginx with HTTP/2 module, or behind a CDN).
- Custom/headless: Whatever your CDN or origin is configured for. Verify both.
HSTS — The Required Companion
HSTS (HTTP Strict Transport Security) is a header that tells browsers "always use HTTPS for this domain." It's required for HTTP/3 since QUIC only runs over HTTPS.
A proper HSTS header for an ecommerce store:
Strict-Transport-Security: max-age=63072000; includeSubDomains; preloadThe preload directive lets you submit your domain to the HSTS preload list, which is hardcoded into Chrome and other browsers. After preload, the first connection from any browser to your domain skips the HTTP redirect entirely.
Be careful with includeSubDomains — every subdomain on your apex must support HTTPS, including any test or staging environments.
TLS Version Matters Too
HTTP/3 requires TLS 1.3. HTTP/2 works with TLS 1.2 but should be configured for 1.3 where available. TLS 1.2 itself is acceptable; TLS 1.0 and 1.1 should be disabled (PCI-DSS requires this for stores accepting credit cards).
Free check: SSL Labs (ssllabs.com/ssltest) gives you a full grade. Aim for an A+ rating.
Practical Wins
If your store is on HTTP/1.1, fixing this is the highest-leverage performance change you can make. The fix is usually one of:
- Put Cloudflare or Fastly in front of your store
- Update your hosting plan to one that supports modern protocols
- If self-hosted: enable HTTP/2 in nginx, then add HTTP/3 module
The performance gain is usually felt immediately by users — pages render faster, especially on mobile and on slower connections. Core Web Vitals scores improve, which feeds back into Google's mobile-first ranking.
What StoreVitals Tracks
Our health scans flag stores running HTTP/1.1, missing HSTS headers, and outdated TLS versions. The HTTP/2 & HTTP/3 Checker tool lets you verify any URL on demand. Most stores upgrade once and never have to think about it again — but if your hosting setup changes, regression is easy to miss without monitoring.