Gateway supports inspection of HTTP/3 traffic, which uses the QUIC protocol over UDP. HTTP/3 inspection requires traffic to be proxied over UDP.
Gateway applies HTTP policies to HTTP/3 traffic last. For more information, refer to the order of enforcement.
Enable HTTP/3 inspection
To enable HTTP/3 inspection:
- In Zero Trust, go to Settings > Network.
- Under Firewall, enable Proxy and select UDP.
- Enable TLS decryption.
Gateway can inspect HTTP/3 traffic from Microsoft Edge, as well as other HTTP applications, such as cURL.
The following browsers do not support HTTP/3 inspection:
- Google Chrome
If the UDP proxy is enabled in Zero Trust, Gateway will force all HTTP/3 traffic in these browsers to fall back to HTTP/2, allowing you to enforce your HTTP policies.
Prevent inspection bypass
If the UDP proxy is not enabled, HTTP/3 traffic will bypass inspection. To avoid this behavior, disable QUIC in your users’ browsers.