How to Test if a Website supports HTTP/3?

Netsparker Web Application Security Scanner - the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.

By Chandan Kumar on December 15, 2019

Posted in

Geekflare is supported by our audience. We may earn affiliate commissions from buying links on this site.

Did you enable H3 on your site and not sure how to verify it?

HTTP3 or H3 is the latest HTTP protocol developed by IETF. It’s still in a draft and expected to be supported by major browser/clients soon. H3 is based on the QUIC transport layer network protocol, which was originally designed by Google. It’s different than earlier versions like H2, which was derived from SPDY protocol.

Cloudflare published a great blog post explaining the technical implementation. Worth reading it.

At the time of writing, very few server-side application/webserver/network devices/CDN support H3. And, you can guess – Cloudflare is the first CDN to offer H3.

Let’s talk about client-side support.

H3 is still in the draft, so not every browser support H3 yet. At this time, you can use the following to test it. As usual, can I use would be a go-to reference to check supported browsers.

HTTP/3 Test

Geekflare HTTP/3 test quickly connects your site using cURL and reveals if it supports H3/QUIC protocol. If the connection is successful then it shows the advertised supported versions.

HTTP/3 Check

A web tool by LightSpeed.

Access HTTP/3 Check and enter the URL to be tested. You will get the results instantly.

Firefox

Firefox Nightly has recently announced the H3 support.

Firefox Nightly now has early HTTP/3 support for public testing!

— Daniel Stenberg (@bagder) November 4, 2019

Launch Firefox Nightly
Type about:config in the address bar and press enter
Accept the risk and continue
Search for network.http.http3.enabled and click on the toggle button to enable it.

Restart the Firefox nightly and open developer tools
Access the site and look at the “Protocol” column.

Geekflare supports HTTP/3, and you can see that.

Google Chrome

You expected, didn’t you?

You can use Chrome Canary to test.

Google Chrome Canary just became the first (available) browser to integrate (very) experimental #QUIC and HTTP/3 support!

Add flags “–enable-quic –quic-version=h3-23” and you should see “http/2+quic/99” show up in the devtools, which is actually http3 in disguise! pic.twitter.com/5Fhui46h3x

— Robin Marx (@programmingart) September 19, 2019

Launch Chrome Canary with "--enable-quic --quic-version=h3-23" flag and run the test. You will not see H3 or HTTP/3 as a protocol in developer tools but “http2+quic/99”.

cURL

Don’t want to leave your terminal?

cURL is great, and the latest version lets you test using --http3 flag. Download cURL and build it from the source.

curl --http3 https://yoursite.com -I

Another option would be to build the cURL client as below. This would work on Linux.

Install Rust environment

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

Build quiche as explained here

It works!

Conclusion

I hope this gives you an idea about testing the site if HTTP/3 is enabled. If you are a site owner, then take advantage of this latest protocol for better web performance.