Automatic compression
In HTTP 1.1 we enabled GZIP to compress the information we sent in our responses. A good practice that needs to be explicitly enabled. In HTTP 2 GZIP is standard and required.
Only changeable headers are re-sent
In HTTP 1.1 headers are sent in plain text, on each request (the famous User-Agent
for example). In HTTP 2 the headers are binary and compressed, decreasing the volume of data. In addition, it is possible to reuse the headers for the following requisitions. That way, we just have to send the changing headers. This reduces the requests and makes them less bulky.
Parallelization of requests
For every resource a page has, a request then made to load them faster needs to parallelize those requests. The problem is that HTTP 1.1 is a sequential protocol, we can only do 1 request at a time. The solution is to open more than one connection at a time, paralleling the requests in 4 to 8 requests (that's the limit we have). A common way to handle this is to use multiple hostnames on the page (pag.com and img.pag.com), thus gaining more parallel connections.
In HTTP 2 the requests and responses are automatically parallel in a single connection. This is called multiplexing .
Prioritization of requests
An interesting optimization is to facilitate the initial rendering, prioritizing the resources needed for the user to see the page first (CSS) and to interact (JS) later.
In HTTP 2 we can indicate in the requests which of them are most important through numerical prioritization. So the browser can give high priority to a CSS file in the head that blocks the rendering, and lower priority for an asynchronous JS at the bottom of the page.
Server Push
A common trick in HTTP 1.1 is to inline resources, aiming for faster initial rendering. The big problem here is that we've cleared the browser cache. CSS next to HTML can not be cached independently.
Here comes Server Push in HTML 2. The idea is to have the server send some resources to the browser without it having requested yet. The server "pushes" to the browser features that it knows will be requested soon. So when the browser needs the feature, it will already be cached and will not make a request.
Safety
A while ago there was a discussion whether HTTP 2 would allow non-SSL usage (I've stopped tracking for some time), but in practice only secure HTTPS connections will be supported. So we have security and privacy more established with the protocol.
Finally, I recommend the Hipsters.tech episode on HTTP2, will give you even more information on the subject