QUIC and HTTP/3
Understand the QUIC protocol and HTTP/3 for next-generation web performance. Covers connection establishment, multiplexing improvements over HTTP/2, migration support, and the patterns that reduce latency and improve reliability on modern networks.
HTTP/3 is the next major version of HTTP, built on QUIC instead of TCP. QUIC eliminates head-of-line blocking between streams, reduces connection establishment time from 2-3 round trips to one (zero on a resumed connection), and handles network changes (like switching from Wi-Fi to cellular) without dropping connections. It is already used by Google, Cloudflare, and Meta for production traffic.
Why QUIC
HTTP/1.1 over TCP:
  Connection: TCP 3-way handshake (1 RTT)
  TLS: TLS handshake (1-2 RTT)
  Request: Send request, wait for response
  Total first byte: 2-3 RTT minimum
  Head-of-line blocking:
    TCP guarantees ordered delivery
    If packet 1 is lost, packets 2, 3, 4 must wait
    One lost packet blocks ALL streams

HTTP/2 over TCP:
  Multiplexing: Multiple requests on one connection
  Header compression: HPACK
  Server push
  Still head-of-line blocking at TCP layer!
    One lost TCP packet blocks ALL HTTP/2 streams

HTTP/3 over QUIC:
  Connection: 0-RTT (if previously connected)
  TLS 1.3: Built into QUIC (not a separate layer)
  No head-of-line blocking:
    QUIC is UDP-based, streams are independent
    Lost packet on stream A does NOT block streams B, C, D
  Connection migration:
    Switch from Wi-Fi → cellular without dropping connection
    QUIC uses Connection IDs, not IP:port tuples
Performance Comparison
Connection Establishment:
  TCP + TLS 1.2: 3 round trips (RTT)
  TCP + TLS 1.3: 2 round trips
  QUIC (new): 1 round trip
  QUIC (resumed): 0 round trips (0-RTT!)
  For a user on 100ms RTT:
    TCP + TLS 1.2: 300ms before first byte
    QUIC (new): 100ms before first byte
    QUIC (0-RTT): 0ms additional latency

Head-of-Line Blocking:
  Scenario: 10 HTTP requests, 1% packet loss
  HTTP/2 over TCP:
    Lost packet blocks ALL 10 streams
    P99 latency: High spike
  HTTP/3 over QUIC:
    Lost packet blocks only the 1 affected stream
    9 other streams continue unaffected
    P99 latency: Much lower
Enabling HTTP/3
# Nginx with HTTP/3 (QUIC)
server {
    listen 443 ssl;
    listen 443 quic reuseport;  # Enable QUIC
    http2 on;
    http3 on;                   # Enable HTTP/3

    ssl_certificate     /etc/ssl/cert.pem;
    ssl_certificate_key /etc/ssl/key.pem;

    # Advertise HTTP/3 support via Alt-Svc header
    add_header Alt-Svc 'h3=":443"; ma=86400';

    # QUIC-specific settings
    quic_retry on;      # Address validation for DDoS protection
    ssl_early_data on;  # Enable 0-RTT (early data can be replayed; see Anti-Patterns)
}

# Cloudflare: HTTP/3 enabled by default (toggle in dashboard)
# AWS CloudFront: HTTP/3 supported (opt-in)
# Fastly: HTTP/3 supported via QUIC
Anti-Patterns
| Anti-Pattern | Consequence | Fix |
|---|---|---|
| Block UDP at firewall | QUIC cannot function | Allow UDP 443 |
| No Alt-Svc header | Clients cannot discover HTTP/3 support | Add Alt-Svc header to responses |
| No fallback to HTTP/2 | Older clients broken | Server supports both, client negotiates |
| 0-RTT without replay protection | Replay attacks possible | Limit 0-RTT to idempotent requests |
| No HTTP/3 monitoring | Cannot measure adoption or performance | Track protocol version in access logs |
HTTP/3 is not just another protocol version — it is a fundamental change from TCP to UDP-based transport. For mobile users on lossy networks, the performance difference is dramatic: fewer stalls, faster loads, and seamless network transitions.