[jitl]

> It’s important to understand that HTTP/2 requires secure connectivity. Only websites with HTTPS enabled can take advantage of HTTP/2 and its performance optimizations, like server push and header compression.

Pedantically, this is not correct. HTTP/2 does not mandate any encryption. But, all the browser vendors only support HTTP/2 with TLS. https://http2.github.io/faq/#does-http2-require-encryption

[richardwhiuk]

If you assume the second sentence explains the first, then this is correct - only websites (i.e something designed to be consumed by browsers) with HTTPS can take advantage of HTTP/2.

[fredliu]

This is true, but no mandate on encryption in the HTTP/2 standard was an deliberate decision, one of the very few differences between HTTP/2 and SPDY. But yes, practically, you can't use HTTP/2 without encryption nowadays.