HTTP/3
Gateway supports inspection of HTTP/3 traffic, which uses the QUIC protocol over UDP. HTTP/3 inspection requires a user-side certificate to be deployed and traffic to be proxied over UDP with TLS version 1.3.
Gateway applies HTTP policies to HTTP/3 traffic last. For more information, refer to the order of enforcement.
To enable HTTP/3 inspection:
- In Zero Trust, go to Settings > Network.
- Under Firewall, enable Proxy and select UDP.
- Enable TLS decryption.
Gateway can inspect HTTP/3 traffic from Microsoft Edge, as well as other HTTP applications, such as cURL.
By default, the following browsers do not support HTTP/3 inspection unless you disable QUIC:
- Google Chrome
- Safari
- Firefox
If the UDP proxy is enabled in Zero Trust, Gateway will force all HTTP/3 traffic in these browsers to fall back to HTTP/2, allowing you to enforce your HTTP policies. If the UDP proxy is not enabled, HTTP/3 traffic will bypass inspection.
To prevent HTTP/3 traffic from bypassing inspection, disable QUIC in your users’ browsers.
Google Chrome
- Go to chrome://flags.
- Disable Experimental QUIC protocol.
- Relaunch Chrome.
Safari
- Go to Safari > Settings > Advanced and enable Show Develop menu in menu bar, then relaunch Safari.
- Go to Develop > Experimental Features and disable HTTP/3.
- Relaunch Safari.
Firefox
- Go to about:config.
- If you receive a warning, select Accept the Risk and Continue.
- Disable network.http.http3.enable.
- Relaunch Firefox.
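To confirm the Firefox setting above across several profiles, the following added example (not part of the original documentation) reads each profile's preference files and reports the state of network.http.http3.enable. The function names and sample profiles are constructed for illustration. It assumes an unset preference means the browser default applies, which the audit treats as not disabled.

```shell
# Added example: check Firefox profiles for network.http.http3.enable = false.
# Changed prefs live in prefs.js; a user.js in the same profile directory is
# applied at every start, so its value takes precedence over prefs.js.

# Print the last value set for the pref in file $1 (nothing if absent).
pref_value_in() {
  [ -f "$1" ] || return 0
  sed -nE 's/^[[:space:]]*user_pref\("network\.http\.http3\.enable",[[:space:]]*(true|false)\);.*/\1/p' "$1" | tail -n 1
}

# Print disabled, enabled or unset for the profile directory $1.
http3_state() {
  v=$(pref_value_in "$1/user.js")
  [ -n "$v" ] || v=$(pref_value_in "$1/prefs.js")
  case "$v" in
    false) echo disabled ;;
    true)  echo enabled ;;
    *)     echo unset ;;
  esac
}

# List every profile under $1; return 1 if any is not explicitly disabled.
audit_profiles() {
  rc=0
  for dir in "$1"/*/; do
    [ -d "$dir" ] || continue
    state=$(http3_state "${dir%/}")
    printf '%s\t%s\n' "$state" "${dir%/}"
    [ "$state" = disabled ] || rc=1
  done
  return "$rc"
}

# Constructed sample profiles (not real user data) so the script runs offline.
make_sample_profiles() {
  root=$(mktemp -d)
  mkdir "$root/managed" "$root/manual" "$root/fresh" "$root/overridden"
  on='user_pref("network.http.http3.enable", true);'
  off='user_pref("network.http.http3.enable", false);'
  echo "$off" > "$root/managed/user.js"        # deployed via user.js
  echo "$off" > "$root/manual/prefs.js"        # flipped in about:config
  echo 'user_pref("browser.startup.page", 3);' > "$root/fresh/prefs.js"  # never set
  echo "$off" > "$root/overridden/prefs.js"    # user.js turns it back on
  echo "$on"  > "$root/overridden/user.js"
  echo "$root"
}

sample=$(make_sample_profiles)
audit_profiles "$sample" || echo "at least one profile has not disabled HTTP/3"
```

Point audit_profiles at the directory that holds your users' Firefox profiles to run the same check on real data.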
Microsoft Edge
- Go to edge://flags.
- Disable Experimental QUIC protocol.
- Relaunch Edge.