← Lessons

quiz vs the machine

Silver1140

Networking

HPACK Header Compression In Depth

How HTTP2 shrinks repetitive headers with tables and Huffman coding.

5 min read · intro · beat Silver to climb

Why Headers Need Help

Requests repeat the same headers again and again, like the host, user agent, and cookies. Sending them in full every time wastes bandwidth. HPACK compresses headers without leaking the security weakness of general compression.

The Two Tables

HPACK keeps an indexed list of header fields.

  • A static table holds common headers known to both sides, such as the method and common status codes.
  • A dynamic table grows as a connection runs, storing headers the peers have already exchanged.

To send a header, an endpoint can reference an index instead of the literal text, which is far smaller.

Literals And Huffman

When a header is new, HPACK sends it as a literal. The literal text can be Huffman encoded so frequent characters use fewer bits. The header may also be added to the dynamic table for next time.

Guarding Against Attacks

General compression let attackers probe secrets by watching size changes, the weakness behind the CRIME attack. HPACK avoids this by not compressing across attacker controlled and secret values in a way that leaks length, relying on fixed tables and per field coding instead.

Key idea

HPACK replaces repeated headers with small indices from static and dynamic tables, Huffman codes new literals, and avoids the leak that general compression caused.

Check yourself

Answer to earn rating on the learn ladder.

1. How does HPACK shrink a header that both sides already know?

2. What does the dynamic table store?

3. Why was HPACK designed to avoid general compression?