Pega web application uses http/1.1 protocol. Our security team requires our application to use http/2. Is there a way to change it?

SathishkumarJ17617111 · March 9, 2026, 8:29pm

RameshSangili · March 9, 2026, 9:00pm

I think to configure the protocol in server.xml on the server side. HTTP/2 instead of HTTPS

ArulDevan · March 10, 2026, 5:04am

Hi @SathishkumarJ17617111 : Few recommendations.

Using HTTP 1.1 is not a security issue by itself if the traffic is encrypted with TLS.

Regarding the change to HTTP 2, this is not just in the Pega. You also need to implement it in the other layers like your reverse proxy or load balancers.

I would suggest to create a support ticket with Pega to know if the images from Pega can be updated to make use of HTTP 2. At the same time, check with the infra team if the same can be implemented in the reverse proxy or Load balancer level.

Thanks.

SathishkumarJ17617111 · March 10, 2026, 3:41pm

Thanks Arul and Ramesh, I got a confirmation from Pega that Pega currently does not support HTTP/2 for the Pega Platform, which applies to both on-premise and cloud deployments.

Conversation		Replies	Views
Switching from HTTP to HTTPS App Server General system-administration , 8-7-4	5	233	July 11, 2023
Redirect to HTTPS General system-architect , system-administration , 8-7-3	1	187	January 24, 2023
Ensure all requests are HTTP secured User Experience user-experience , 8-5-4	2	95	September 30, 2024
VA Scan remediation - HSTS Missing From HTTPS Server (RFC 6797) - INC-A21729 General solutions-consultant , healthcare-and-life-sciences , 7-4	2	284	January 30, 2024
Does Pega 7.3.1 support TLS 1.3? Pega-as-a-Service devops , 7-3-1	2	258	April 23, 2021

Pega web application uses http/1.1 protocol. Our security team requires our application to use http/2. Is there a way to change it?

Related topics