HTTP/2 and HTTP/3: Why Protocol Version Matters for Agent Readiness Scoring
AgentHermes D8 Reliability (0.13 weight) detects HTTP/2 and HTTP/3 support. Multiplexing, header compression, and 0-RTT connections make agent interactions measurably faster. The good news: most CDNs auto-enable HTTP/2. The fix is usually free — you just need to verify it is actually working.
Why Protocol Version Matters for Agents
Human users visit a website and load one page at a time. AI agents work differently. An agent interacting with your API might make 5-20 requests in rapid succession — searching your catalog, checking availability, getting pricing, verifying credentials, and initiating a transaction. Each request-response cycle matters.
On HTTP/1.1, each request either gets its own TCP connection (expensive) or waits in a queue behind the previous request (slow). On HTTP/2, all those requests fly in parallel over a single connection. On HTTP/3, they fly even faster with zero connection setup time for returning agents.
The protocol version your server negotiates directly affects how efficiently agents can interact with you. AgentHermes detects this in the D8 Reliability dimension because protocol support correlates with infrastructure investment, CDN usage, and overall operational maturity — all things agents care about when deciding whether to trust an API with real transactions.
HTTP/1.1 vs HTTP/2 vs HTTP/3: Side by Side
Each protocol generation solves a specific problem for agent interactions. HTTP/2 fixes the parallelism bottleneck. HTTP/3 fixes the reliability and connection speed bottleneck.
Four Ways Modern Protocols Help Agents
Agents are not browsers loading web pages. They are API clients making structured calls in rapid sequences. Each protocol improvement has a specific, measurable benefit for agent workflows.
HTTP/2 Multiplexing
An AI agent making 5 parallel API calls to your service — search, check availability, get pricing, fetch reviews, and verify credentials — can send all 5 requests over a single TCP connection. With HTTP/1.1, each request needs its own connection or waits in a queue.
Impact: Reduces total latency for multi-call agent workflows by 40-60%.
HTTP/2 Header Compression
Agents send similar headers on every request — Authorization, Accept, User-Agent, Content-Type. HPACK compression deduplicates these across requests. A 3KB header repeated 10 times becomes 3KB once plus 200 bytes per repeat.
Impact: Reduces bandwidth overhead by 80% for repeated agent requests.
HTTP/3 0-RTT Connections
QUIC allows returning clients to send data immediately — zero round trips before the first request. An agent that calls your API every 5 minutes reconnects instantly instead of waiting for TCP + TLS handshakes.
Impact: Eliminates 100-300ms connection setup time for returning agents.
HTTP/3 Connection Migration
QUIC connections survive network changes via connection IDs rather than IP 4-tuples. If an agent runs on infrastructure that migrates between IP addresses (common in cloud functions), the connection stays alive.
Impact: Zero dropped connections during infrastructure scaling events.
CDN Protocol Support: Who Gives You HTTP/2 and HTTP/3 for Free
The good news: if your site uses any major CDN, you probably already have HTTP/2 support. The bad news: if you are running on a bare origin server (Nginx, Apache, Express), you are almost certainly still on HTTP/1.1. Here is what each CDN provides:
The takeaway: If you use Cloudflare, Vercel, or Google Cloud CDN, you already have HTTP/2 and HTTP/3 with zero configuration. If you use AWS CloudFront or Fastly, check your settings — HTTP/3 may need to be explicitly enabled. If you run a bare origin server, adding Cloudflare free tier takes 15 minutes and instantly gives you both protocols plus CDN caching benefits for D8 Reliability.
How to Verify Your Protocol Support
Most businesses assume they are on HTTP/2 because their CDN supports it. But configuration issues, origin server settings, or proxy misconfigurations can silently downgrade connections to HTTP/1.1. Here are three ways to verify:
Chrome DevTools Protocol Column
Open DevTools > Network tab. Right-click any column header and enable "Protocol." Reload the page. Look for "h2" (HTTP/2) or "h3" (HTTP/3) in the Protocol column. If you see "http/1.1," your site is not negotiating modern protocols.
curl with --http2 flag
Run: curl -I --http2 https://yoursite.com — if the response starts with "HTTP/2 200," you have HTTP/2 support. For HTTP/3, look for an "alt-svc" header in any response containing "h3" — this tells clients that HTTP/3 is available.
AgentHermes scan
Run a free scan at /audit. The D8 Reliability breakdown shows detected protocol version, CDN headers, response times, and status page presence. All factors that contribute to the 0.13 weighted D8 score.
Common Pitfalls That Downgrade Your Protocol
Origin server fallback
Your CDN serves HTTP/2, but some requests bypass the CDN and hit your origin directly. If the origin runs Nginx without http2 enabled in the listen directive, those requests fall back to HTTP/1.1. Agents may hit both paths.
Load balancer downgrade
Some load balancers terminate TLS and re-establish connections to backends on HTTP/1.1. The external client sees HTTP/2, but internal routing loses the benefits. Check the full connection chain.
API subdomain on different infra
Your marketing site at www.example.com is on Cloudflare (HTTP/2), but your API at api.example.com runs on a separate server without CDN coverage. Agents interact with the API, not the marketing site.
Expired or misconfigured TLS
HTTP/2 requires TLS in practice (all browsers and most clients enforce this). Expired certificates, self-signed certs, or TLS 1.0/1.1 configurations prevent HTTP/2 negotiation entirely.
The general principle: verify the protocol on the exact URL and port that agents will hit, not just your marketing homepage. If your API lives on a subdomain or different port, check that path specifically. CDN coverage that only applies to your website does not help agent interactions with your API.
Frequently Asked Questions
Does AgentHermes actually check HTTP/2 and HTTP/3?
Yes. The D8 Reliability dimension (0.13 weight) detects the protocol version in response headers. HTTP/2 support adds points to D8. HTTP/3 (indicated by alt-svc headers advertising h3) adds additional points. Sites still on HTTP/1.1 score lower on D8 reliability because protocol version correlates with infrastructure maturity, CDN usage, and overall performance investment.
How do I check what protocol my site uses?
Three ways: (1) Open Chrome DevTools, go to Network tab, right-click column headers and enable "Protocol" column. Reload the page and check the protocol column for h2 or h3. (2) Run curl -I --http2 https://yoursite.com and check if the response says HTTP/2. (3) Use https://www.httpvshttps.com/ or similar tools that display negotiated protocol. For HTTP/3, look for alt-svc headers containing h3 in any response.
My site is behind Cloudflare. Am I already on HTTP/2?
Almost certainly yes. Cloudflare enables HTTP/2 by default on all plans, including the free tier. HTTP/3 is also enabled by default. If your DNS points to Cloudflare (orange cloud icon), your site serves HTTP/2 and HTTP/3 to any client that supports them. You can verify in the Cloudflare dashboard under Speed > Optimization > Protocol Optimization.
Does HTTP/3 require any code changes?
No. HTTP/3 is a transport-level change that is completely transparent to application code. Your API endpoints, response bodies, status codes, and headers all work identically across HTTP/1.1, HTTP/2, and HTTP/3. The protocol negotiation happens at the connection level, typically handled by your CDN or reverse proxy. Your application code never needs to know which protocol is being used.
How much does protocol version actually matter for the Agent Readiness Score?
Protocol version is one signal within D8 Reliability, which carries a 0.13 weight (13% of total score). It is not the largest factor in D8 — status pages, uptime, and response times matter more. But it is a free improvement for most sites because CDNs handle it automatically. Think of it as the easiest 1-2 points you can pick up in D8. Combined with a status page and fast response times, protocol support contributes to the overall reliability picture that separates Silver from Bronze.
Is your API on HTTP/2?
Run a free Agent Readiness scan to see your protocol version, CDN detection, response times, and full D8 Reliability breakdown across all 9 dimensions.