Use HTTP/2: How to Fix It

What this means

Every file your page needs (HTML, CSS, JavaScript, images, fonts) is requested over a version of the HTTP protocol. This audit checks the protocol version used for each resource and flags any that are still being delivered over HTTP/1.1 rather than HTTP/2 or HTTP/3. HTTP/1.1 dates from 1997 and handles requests in a far less efficient way than its successors, so resources stuck on it become a quiet drag on load time.

A flagged page does not mean the protocol is "broken." It means there is performance being left on the table, and that improvement is usually available through configuration rather than redevelopment.

Why it matters

The jump from HTTP/1.1 to HTTP/2 changed how the browser and server talk to each other. Three differences do most of the work:

• Multiplexing. HTTP/1.1 processes requests largely in sequence over a connection, so resources queue behind one another. HTTP/2 sends multiple streams at the same time over a single connection, so the browser can pull many files in parallel without waiting in line.
• Header compression. HTTP/2 uses a scheme called HPACK that strips the repetitive header data sent with every request. On pages with many requests, that removes a meaningful amount of redundant data from the wire.
• Faster parallel loading. Because multiplexing and compression reduce both queuing and overhead, the same set of files arrives sooner. HTTP/3 pushes this further by running over QUIC instead of TCP, combining the transport and encryption handshake into a single round trip and preventing one lost packet from stalling every stream.

Faster delivery of render-critical resources feeds directly into Core Web Vitals. When CSS, fonts and your hero image arrive sooner, your Largest Contentful Paint tends to improve, which is one of the signals Google measures for page experience.

How it gets flagged

Lighthouse gathers every resource the page requests and inspects the HTTP protocol version reported for each one. Any resource still answered over HTTP/1.1 is listed in the audit, with a few request types ignored by design. In current Lighthouse versions this check has been folded into the broader "Modern HTTP" insight, but the meaning is the same: assets that could be on a faster protocol are not.

The report names the specific URLs, which is the key to diagnosis. If the flagged files all sit on your own domain, the fix is at your origin server. If they sit on third-party or asset domains, the fix lives with that provider.

How to fix it

Work through these in order:

• Confirm HTTPS is in place. Browsers only negotiate HTTP/2 and HTTP/3 over a secure connection, so a valid TLS certificate is a prerequisite. If the site is not fully on HTTPS, that comes first.
• Enable HTTP/2 (or HTTP/3) at the server. Apache supports it through the mod_http2 module with a Protocols h2 http/1.1 directive; Nginx enables it by adding http2 to the listen 443 ssl line. Most managed and cPanel hosts expose this as a single toggle, and many enable it by default.
• Turn it on at your CDN. If you run a CDN such as Cloudflare, Fastly or Akamai, HTTP/2 is typically on by default and HTTP/3 is a checkbox in the network settings. The CDN can serve modern protocols even if your origin lags.
• Chase down third-party assets. Resources you cannot control (analytics, ad tags, embedded widgets) may stay on HTTP/1.1. Either accept those, self-host the asset where licensing allows, or replace the provider.
• Re-test. After the change, re-run the audit and verify the protocol in your browser's Network panel (add the "Protocol" column; HTTP/2 shows as h2 and HTTP/3 as h3).

If enabling the protocol exposes server errors, treat those separately; a misconfigured upgrade can surface 5xx server errors that need their own attention.

False positives

A few situations look like a problem but are not worth chasing. Third-party domains you do not own (fonts, tag managers, payment widgets) will show up if they serve over HTTP/1.1, and you genuinely cannot fix those at the source. A handful of request types are also excluded by the audit itself and will not be counted. And because the lab test reflects a single crawl, a transient hiccup at the edge can occasionally misreport a protocol; confirm against your real field versus lab data before treating one odd result as a regression. If the flagged URLs are all external and minor, this is informational rather than an urgent defect.

FAQ