HTTP/2 Opens New Connections With the Word ‘PRISM’

Since whistleblower Edward Snowden revealed the extent of the US National Security Agency’s mass surveillance program, the word Prism has taken on a sinister meaning. The NSA’s PRISM program collected the internet communications of its citizens via nine major internet companies, including Google, Microsoft, Apple, and Yahoo. Now, John Graham-Cumming, a British coder and tech writer, has discovered a curious quirk within HTTP/2 connections: the opening protocol contains the word PRISM.

This is how HTTP/2 connection protocols begins, when unravelled from a 24-octet sequence:

PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n

Otherwise written as:



The verb PRI was, until 8th July, 2013, FOO. What happened during the Summer of 2013 to motivate such a change? Edward Snowden’s NSA leak. Coincidence?

While conspiracy theorists could have a field day with the revelation, it seems to be little more than a sly Easter egg included by the cheeky programmers.

Danish developer Poul-Henning Kamp wrote at the time about his concerns for HTTP/2 in the wake of the PRISM revelations. “I think PRISM is ample evidence that [adding more encryption to HTTP/2 to fight back against the NSA] will have the 100% certain result is that all encryption will be circumvented, with bogus CA certs all the way up to PRISM and designed-in backdoors, and the net result is less or even no privacy for anybody everywhere,” Kamp wrote to his colleagues in the HTTP Working Group.

The inclusion of the word PRISM in the HTTP/2 protocol is like a knowing middle finger to the NSA, and a reminder to us that not every internet entity is colluding with intelligence agencies.

Image courtesy of