ALL HTTP2 'h2' protocol requests reverting to HTTP/1.1 in all browsers (Chrome, Firefox, Safari) on macOS Mojave 10.14.3 (18D109) except for 'http/2+quic/4' protocol on Google/YouTube sites in Chrome viewing in DevTools Network Tab

Hi there CF community,

Last week I noticed both of my sites were using HTTP2 in Chrome DevTools > Network Tab > Protocol Column. However this week I’ve noticed both sites have switched back to HTTP/1.1 for my domain requests.

Websites in question:


https://stefancaliaro.com

I have double checked HTTP2 is on in Cloudflare dashboard under network.

I did speak to a Cloudflare employee about it casually and he said my site WAS using HTTP2, but I can’t see it from my browser, why is that? Does it depend on which network you’re on (it shouldn’t really) Cloudflare uses an anycast network, so even though I have the same 2 IP addresses from Cloudflare, it may be hitting several different Cloudflare machines/servers each time. However does this mean HTTP2 can’t be guaranteed every time?

I have included screenshots too.

Some clarity around this issue would be great, I’m trying to improve my hosting performance as much as possible (through HTTP2 multiplexing - anyone know the max concurrent requests of that?) since Sydney POPs are using US East Coast PoPs it seems from a visual traceroute app on my Android phone. https://play.google.com/store/apps/details?id=org.skynetsoftware.itraceroute&hl=en_AU (noticing huge 2 second TTFB as well, should I use Google’s CDN to test? Apparently Pro CF plan doesn’t use Sydney PoPs either due to the high bandwidth costs of transferring data in/out of an island (line lease on submarine cables). https://blog.cloudflare.com/bandwidth-costs-around-the-world/

Thank you!

Uploading: Screen Shot 2019-03-29 at 03.35.30.png… Uploading: Screen Shot 2019-03-29 at 05.48.58.png…



https://stefancaliaro.com

I have double checked HTTP2 is on in Cloudflare dashboard under network.

I did speak to a Cloudflare employee about it casually and he said my site WAS using HTTP2, but I can’t see it from my browser, why is that? Does it depend on which network you’re on (it shouldn’t really) Cloudflare uses an anycast network, so even though I have the same 2 IP addresses from Cloudflare, it may be hitting several different Cloudflare machines/servers each time. However does this mean HTTP2 can’t be guaranteed every time?

I have included screenshots too.

Some clarity around this issue would be great, I’m trying to improve my hosting performance as much as possible since Sydney POPs are using US East Coast PoPs it seems from a visual traceroute app on my Android phone. https://play.google.com/store/apps/details?id=org.skynetsoftware.itraceroute&hl=en_AU (noticing huge 2 second TTFB as well, should I use Google’s CDN to test? Apparently Pro CF plan doesn’t use Sydney PoPs either due to the high bandwidth costs of transferring data in/out of an island (line lease on submarine cables). https://blog.cloudflare.com/bandwidth-costs-around-the-world/

Thank you!

Tested on one Mac on Chrome and Firefox:


Uploading: Screen Shot 2019-03-29 at 03.35.30.png… Uploading: Screen Shot 2019-03-29 at 05.48.58.png…

I can confirm your sites are delivered with HTTP/2. Can you click on one of those resources and check the headers to make sure they’re coming from Cloudflare?

2 Likes

Odd, it seems to be an issue affecting only my latest 2015 MacBook Pro Running MacOS Mojave 10.14.3 (18D109) - latest normal channel build, latest Chrome ver: Version 73.0.3683.86 (Official Build) (64-bit) - latest, but it’s affecting Firefox and Safari on this Mac too. Meaning HTTP/1.1 requests.

Weird client issue if you ask me. If it’s affecting this Mac, I wonder how many more in the world are affected by whatever is causing this. I’ve had this Mac is my main laptop since last year too although sometimes I switch back to my oldmac for some programs, so maybe I saw the h2 protocol being used there but not my new MacBook Pro. Weird. Maybe it’s an OS level issue with this build of Mojave 10.14.3 (18D109) - latest normal channel build? (I used to be on the beta program before Mojave came out but I opted out from the beta program.

When I went to the macOS Mojave beta program last year. I did read something from Apple saying that I would need to reinstall MacOS Mojave if I were to exit the beta program (but maybe they were referring to downgrades, not upgrades of macOS), but it seems like that was not the case with the latest normal channel release update I went to.

I’m not sure what’s causing it, popped into my head just now I did install Avast recently this past week too on my new Mac, but I’m not using the VPN add-on but Avast by default does some web shield scanning so maybe that’s possibly affecting this?

New MacBook Pro Request header for index of siteroo.com.au/

* Request URL: https://siteroo.com.au/
    * Request Method: GET
    * Status Code: 200 OK
    * Remote Address: 104.31.75.36:443
    * Referrer Policy: no-referrer-when-downgrade
  * Response Headersview source
    * Cache-Control: no-cache, must-revalidate, max-age=0
    * Cache-Control: max-age=0, no-cache
    * CF-RAY: 4bf35ab42c80ae63-KIX
    * Connection: keep-alive
    * Content-Encoding: br
    * Content-Type: text/html; charset=UTF-8
    * Date: Fri, 29 Mar 2019 16:52:27 GMT
    * Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    * Expires: Wed, 11 Jan 1984 05:00:00 GMT
    * Link: <https://siteroo.com.au/wp-json/>; rel="https://api.w.org/", <https://siteroo.com.au/>; rel=shortlink
    * Server: cloudflare
    * Transfer-Encoding: chunked
    * Vary: Accept-Encoding
    * X-Frame-Options: SAMEORIGIN
    * X-Mod-Pagespeed: 1.9.32.14-0
    * X-Powered-By: PHP/7.0.30
  * Request Headersview source
    * Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
    * Accept-Encoding: gzip, deflate, br
    * Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
    * Cache-Control: no-cache
    * Connection: keep-alive
    * Cookie: __cfduid=d6661e51710f6c672d937c16bfe2fb26b1537465131; _ga=GA1.3.341240376.1537465134; gadwp_wg_default_metric=sessions; gadwp_wg_default_dimension=30daysAgo; gadwp_wg_default_swmetric=sessions; driftt_aid=b948b841-b081-4f2e-addf-1f9b151bf513; DFTT_END_USER_PREV_BOOTSTRAPPED=true; gadwp_ir_default_dimension=30daysAgo; gadwp_ir_default_swmetric=pageviews; gadwp_ir_default_metric=uniquePageviews; wp-settings-2=editor%3Dtinymce%26libraryContent%3Dbrowse%26hidetb%3D1; wp-settings-time-2=1552933266; gsScrollPos-392=0; wordpress_test_cookie=WP+Cookie+check; gsScrollPos-527=0; _gid=GA1.3.1270787254.1553713337; wordpress_logged_in_ed240cfa7a342c9afa97c6264781b4af=Stef%7C1553972035%7CpTWJCU8V9KeWy1ZtjaS005uhn3b5hlxIwWafEDsvQD5%7Ce49f8195b0d9cfb8e11023187bed28189d6284c8a71ede0973567201b543984f; wfwaf-authcookie-89dac0555400571d7f07d9340132373d=2%7Cadministrator%7C55041b29d3c31eed8d4c057f8633073f2ca2789d0a5e92772dd96cab12154fe0; gsScrollPos-1843=0; _gat=1
    * Host: siteroo.com.au
    * Pragma: no-cache
    * Upgrade-Insecure-Requests: 1
    * User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36

My old MacBook Pro on Yosemite 10.10.5 (14F2511) seems to be using h2 for all browsers on those sites. Without Avast

Tested with

Chrome:
Version 72.0.3626.109 (Official Build) (64-bit)
Version 73.0.3683.86 (Official Build) (64-bit) - latest.

Request URL: https://siteroo.com.au/
Request Method: GET
Status Code: 200
Remote Address: 104.31.75.36:443
Referrer Policy: no-referrer-when-downgrade
Response Headers
cache-control: max-age=0, no-cache
cf-ray: 4bf33c8cdc26ae87-KIX
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 29 Mar 2019 16:31:52 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
link: <https://siteroo.com.au/wp-json/>; rel="https://api.w.org/", <https://siteroo.com.au/>; rel=shortlink
server: cloudflare
status: 200
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-mod-pagespeed: 1.9.32.14-0
x-powered-by: PHP/7.0.30
Request Headers
:authority: siteroo.com.au
:method: GET
:path: /
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cfduid=d2e1108f570a7478e7751392337a43c5e1537426920; _ga=GA1.3.537730428.1537426923; MCPopupClosed=yes; gadwp_wg_default_metric=sessions; gadwp_wg_default_dimension=30daysAgo; gadwp_wg_default_swmetric=sessions; gadwp_ir_default_dimension=30daysAgo; gadwp_ir_default_swmetric=pageviews; gadwp_ir_default_metric=uniquePageviews; driftt_aid=63014188-e2aa-46b1-a75f-cf4d93c540a7; DFTT_END_USER_PREV_BOOTSTRAPPED=true; wp-settings-2=editor%3Dtinymce%26libraryContent%3Dbrowse%26hidetb%3D1; wp-settings-time-2=1552197279; _gid=GA1.3.466121095.1553873136
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36

Same goes with my Windows 7 Home Premium PC, it’s using h2 in Chrome Version 73.0.3683.86 (Official Build) (64-bit) - latest. Also runs Avast, but Windows version, not Mac.

* Request URL: https://siteroo.com.au/
  * Request Method: GET
  * Status Code: 200
  * Remote Address: 104.31.75.36:443
  * Referrer Policy: no-referrer-when-downgrade
* Response Headers
  * cache-control: max-age=0, no-cache
  * cf-ray: 4bf2a056c972ae87-KIX
  * content-encoding: br
  * content-type: text/html; charset=UTF-8
  * date: Fri, 29 Mar 2019 14:45:14 GMT
  * expect-ct: max-age=604800, report-uri=&quot;https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct&quot;
  * link: &lt;https://siteroo.com.au/wp-json/&gt;; rel=&quot;https://api.w.org/&quot;, &lt;https://siteroo.com.au/&gt;; rel=shortlink
  * server: cloudflare
  * status: 200
  * vary: Accept-Encoding
  * x-frame-options: SAMEORIGIN
  * x-mod-pagespeed: 1.9.32.14-0
  * x-powered-by: PHP/7.0.30
* Request Headers
  * :authority: siteroo.com.au
  * :method: GET
  * :path: /
  * :scheme: https
  * accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
  * accept-encoding: gzip, deflate, br
  * accept-language: en-GB,en-US;q=0.9,en;q=0.8
  * cookie: __cfduid=d3cd1d15e9f4411721c0c09a49d17ad761546145946; _ga=GA1.3.1581078490.1546145950; driftt_aid=8e869b68-e55e-4fcf-a93b-325619310eb7; DFTT_END_USER_PREV_BOOTSTRAPPED=true
  * upgrade-insecure-requests: 1

user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36

Here’s a Google Docs link I compiled with screenshots and resource headers between the 3 PCs. https://docs.google.com/document/d/13P2_y4Lj3IszBfMl-Mw2QyvsaZLOJFDKjQeI7Mhma4Y/edit?usp=sharing

Thanks! I’m thinking of slowly phasing out Cloudflare as a CDN provider but keeping it for DNS for the meantime while I figure out Google Cloud CDN to give me better speeds in Sydney, Australia since CF doesn’t seem to support Sydney PoPs unless I go to the business tier which is utterly expensive for basic sites like these (USD $200/month). Or maybe a Managed WP host like Kinsta.com seems like a more optimal choice with included CDN, but you pay around AUD $46 / $30 USD/ a month for it.

1 Like

I found another cloudflare site in this performance forum which also loads over http/1.1 on my new Mac.


From Firefox 66.0.2 (64-bit) on my New Mac Mojave 10.14.3 (18D109). Whatever it is, it definitely feels like client side issue now.

Would be keen to see if anyone else on macOS Mojave has this same issue? (I don’t want to upgrade my old Mac because some of my programs don’t work or work properly in Mojave).

I did find it odd how Kinsta was using 1.1 instead of 2. But if I test Kinsta on my old Mac or Windows, it’s using h2. kinsta.com

I also noticed Google uses a slightly different implementation of http2 (http/2+quic/4 - only seems to work in Chrome) and it works on my new Mac. Seems like a slight nuance with HTTP2 and how Cloudflare has implemented a particular specification of the http2 protocol.

Something for Cloudflare Engineers to look at I guess.

Chrome:

Firefox using http/1.1 for google on my new Mac mojave:

I restarted my new mac and it still loads h2 enabled sites over http/1.1. (Including Cloudflare.com).

I searched Google for like http2 not working in mojave or Chrome and there wasn’t anything on it. Maybe this is a bleeding edge issue with either H2 protocol or macOS Mojave bug (more likely) and should be raised with Apple Networking Engineering macOS team. @Apple

EDIT: I just reported the issue to Apple even though it’s not a beta version of macOS Mojave anymore I still had the Feedback Assistance installed on my Mac from when Mojave was in beta.

I guess we just sit back and wait and see for this one, unless anyone has a new angle to offer.

That’s bizarre. The other suggestion I would have is remove any plugins or extension you might have in the browser… especially anything that does theme / color manipulation.

1 Like

Thank you for the suggestion cscharff, I did think about reinstalling Chrome, but like, this issue is affecting all browsers on my Mojave MacBook Pro. I don’t use Safari unless I’m testing something, so there are 0 add-ons there. And I only use Firefox for testing or basic browsing too.

Also, I use most of the same add-ons on my old Mac that runs h2 fine. Definitely feels like it’s got to do with someway the OS processes http2 in a networking module of the OS. Hopefully Apple can provide some fix, not hopeful on an explanation from Apple (since their OS update change logs are quite vague or lacking unless it’s security exploit based) other than what we can only assume here.

Another less likely scenario is that DevTools across 3 browsers is not rendering h2 output properly in the columns based on Mojave incompatibility / bug, but the sites may be actually loading over h2, just not reported that way in DevTools? Seems highly unlikely a bug would go to that extent though. So it would be like a visual aesthetics bug in this case. It’s just weird that it shows http/2+quic/4 from Google/YouTube sites though but not h2 from any other http2 enabled site.

I’ll install and try Opera. :slight_smile: Completely clean slate.

I just hopped over to my MacBook Pro running Mojave and tested both sites with Safari/Firefox/Chrome and they all give me h2.

Now it’s just guesswork…you wouldn’t happen to have a local copy of a TLS/SSL certificate for those domains on your computer, would you? Can you check the cert that’s loading for those sites?

1 Like

Try a browser client diagnostic test too see https://www.ssllabs.com/ssltest/viewMyClient.html

2 Likes

How about creating a new user on that Mac? I think that would give your browsers a fresh start.

Wow, thanks so much! That site is brilliant! Didn’t know a site like that existed for testing browser protocols. :slight_smile:

So I installed Opera and it was running all H2 requests for my domain.

After I saw your SSL site, it pointed me back to Avast (because my other Mac doesn’t have avast - The Windows version looks like it works differently in this area of web shield SSL scanning). I disabled the Web Shield in Avast and h2 started working again.

File this as a bug for Avast on Mac. @Avast.

Before I disabled Avast Web Shield in Avast Preferences.

After I disabled Web Shield:

Thanks again guys, appreciate it! Hopefully this can serve as a guide for other Avast Mac Cloudflare users too :slight_smile:

4 Likes

Yeah anti-virus software MITM inspection can cause unusual stuff sometimes :slight_smile:

Glad to have helped

2 Likes

Submitted bug report. Let’s hope they actually do something with it.

Btw, coincidentally speaking, macOS Mojave 10.4.4 update dropped overnight, seems to add dark mode for websites that support the colour scheme for safari. Surprised it didn’t have the mixed insecure-content warning before, I guess Apple didn’t what to startle their user base with prone sites out there - I raised another thread with that issue here: https://community.cloudflare.com/t/unique-deep-wordpress-https-broken-mixed-content-http-warnings-even-with-automatic-https-rewrites-enabled/55365.

MacOS update: https://www.macrumors.com/2019/03/25/apple-releases-macos-mojave-10-14-4/

For what it’s worth, I dived even deeper into Avast settings just now and I found you can keep the web shield on and disable it for secure connections and browsers will still use h2 on Mac. :slight_smile:

Hopefully they fix whatever they’re doing to scan secure connections on Mac.

3 Likes

I usually use various http2 check sites as I never trust my local. I checked your site in two different ones and both of them reported that you were supporting http2.

2 Likes

This topic was automatically closed after 30 days. New replies are no longer allowed.