
HTTP/3 & QUIC

Performance Advanced
debt(d5/e3/b3/t5)
d5 Detectability Operational debt — how invisible misuse is to your safety net

Closest to 'specialist tool catches it' (d5). Detection hints list curl, chrome-devtools, and cloudflare — these are specialist tools rather than default linters. The code pattern described (HTTP/2 in use with no HTTP/3 support, high latency on mobile) requires deliberate investigation with tools like `curl --http3` or Chrome DevTools network panel to identify missing HTTP/3 support. It won't surface automatically in a standard build pipeline.

e3 Effort Remediation debt — work required to fix once spotted

Closest to 'simple parameterised fix' (e3). The quick_fix describes enabling HTTP/3 in Nginx 1.25+ with `quic` and `http3` directives, plus serving the Alt-Svc header and opening UDP port 443 in firewall rules. This is slightly more than a one-line patch (involves config changes across web server config and possibly firewall/infrastructure rules) but is contained within one component/service, not a cross-codebase refactor.

b3 Burden Structural debt — long-term weight of choosing wrong

Closest to 'localised tax' (b3). The applies_to scope is web contexts only, and the choice is an infrastructure/protocol-layer concern at the edge (web server config, CDN settings). It doesn't propagate into application code or impose ongoing cognitive load on developers writing business logic — it's a localised operational commitment at the server/networking layer.

t5 Trap Cognitive debt — how counter-intuitive correct behaviour is

Closest to 'notable trap' (t5). The misconception field explicitly states that developers believe HTTP/3 is just HTTP/2 over UDP, when in fact QUIC reimplements TCP reliability and TLS at the transport layer with fundamentally different characteristics. Common mistakes also include assuming HTTP/3 is always faster and forgetting UDP firewall rules — these are documented gotchas that most developers eventually encounter rather than catastrophic misunderstandings.


Also Known As

QUIC HTTP3 UDP HTTP head-of-line blocking

TL;DR

HTTP/3 runs over QUIC (UDP-based) instead of TCP — eliminating head-of-line blocking, reducing connection setup time, and improving performance on lossy networks.

Explanation

HTTP/2 over TCP has head-of-line blocking: a single lost packet stalls all multiplexed streams. HTTP/3 uses QUIC (Quick UDP Internet Connections), where each stream is independent, so a lost packet only affects that stream. QUIC also combines the TLS handshake with the connection handshake (0-RTT or 1-RTT vs TCP+TLS 3-RTT), dramatically reducing connection setup time. PHP servers: Caddy and nginx (with QUIC patch) support HTTP/3. CDNs (Cloudflare, Fastly) front-end HTTP/3 transparently. Impact is most significant for mobile users on lossy networks.

Common Misconception

Misconception: HTTP/3 is just HTTP/2 over UDP. In reality, QUIC is a new transport protocol that reimplements TCP's reliability features plus TLS at the transport layer, offering fundamentally different performance characteristics.

Why It Matters

HTTP/2 on a 2% packet loss network performs worse than HTTP/1.1 due to head-of-line blocking — HTTP/3 maintains performance on the lossy mobile networks that account for a growing share of web traffic.

Common Mistakes

  • Not serving Alt-Svc header — clients need to discover HTTP/3 support before upgrading.
  • Assuming HTTP/3 is always faster — on good networks the difference is small; the benefit is on lossy mobile connections.
  • Not testing HTTP/3 connectivity — use curl --http3 to verify it works end-to-end.
  • Forgetting UDP firewall rules — QUIC uses UDP port 443 which may be blocked by corporate firewalls.

Code Examples

✗ Vulnerable
# nginx without HTTP/3, missing performance on mobile:
server {
    listen 443 ssl http2;
    # No QUIC/HTTP3 support
    # Mobile users on lossy networks get HTTP/2 head-of-line blocking
}
✓ Fixed
# nginx with HTTP/3 (nginx-quic build):
server {
    listen 443 ssl http2;
    listen 443 quic reuseport;  # HTTP/3 on UDP

    ssl_protocols TLSv1.3;      # QUIC requires TLS 1.3

    # Advertise HTTP/3 support:
    add_header Alt-Svc 'h3=":443"; ma=86400';

    # Or use Cloudflare/Fastly CDN:
    # They handle HTTP/3 termination automatically
}
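
The mistakes listed under Common Mistakes and the directives in the fixed block above can be checked before deployment. The following Python lint is an added example, not part of the original page or of nginx tooling; the finding codes and sample configs are constructed, it handles one flat server block, and it cannot see whether UDP 443 is open in the firewall.

```python
import re

# Tokens: quoted strings, # comments, punctuation, bare words.
TOKEN = re.compile(r"""'[^']*'|"[^"]*"|#[^\n]*|[;{}]|[^\s;{}]+""")
# An h3 alternative inside an Alt-Svc value, capturing its port.
ALT_H3 = re.compile(r'(?:^|,)\s*h3="[^"]*:(\d+)"')

def directives(conf):
    """Flatten one server block into [name, arg, ...] lists (nesting ignored)."""
    out, cur = [], []
    for tok in TOKEN.findall(conf):
        if tok.startswith("#"):
            continue
        if tok in (";", "{", "}"):
            if tok == ";" and cur:
                out.append(cur)
            cur = []
        elif len(tok) > 1 and tok[0] in "'\"" and tok[-1] == tok[0]:
            cur.append(tok[1:-1])  # drop only the outer quote pair
        else:
            cur.append(tok)
    return out

def lint_http3(conf):
    """Return finding codes (constructed names) for the mistakes this page lists."""
    ds = directives(conf)
    quic_ports = {d[1].rsplit(":", 1)[-1] for d in ds
                  if d[0] == "listen" and "quic" in d[2:]}
    tls = {p for d in ds if d[0] == "ssl_protocols" for p in d[1:]}
    alt_ports = set()
    for d in ds:
        if d[0] == "add_header" and len(d) > 2 and d[1].lower() == "alt-svc":
            alt_ports.update(ALT_H3.findall(d[2]))
    findings = []
    if not quic_ports:
        findings.append("no-quic-listener")       # HTTP/3 is never served
    elif not alt_ports:
        findings.append("no-alt-svc")             # clients cannot discover h3
    if alt_ports - quic_ports:
        findings.append("alt-svc-port-mismatch")  # advertised port has no listener
    if quic_ports and tls and "TLSv1.3" not in tls:
        findings.append("tls13-disabled")         # QUIC requires TLS 1.3
    return findings

# Constructed sample configs modelled on the two server blocks above.
HTTP2_ONLY = "server {\n    listen 443 ssl http2;  # no QUIC\n}\n"
WITH_HTTP3 = ("server { listen 443 ssl http2; listen 443 quic reuseport;\n"
              "ssl_protocols TLSv1.3; add_header Alt-Svc 'h3=\":443\"; ma=86400'; }")
DRIFTED = WITH_HTTP3.replace("443 quic", "8443 quic").replace("TLSv1.3", "TLSv1.2")
```

`lint_http3(DRIFTED)` flags a config where the Alt-Svc port and the QUIC listener have drifted apart, a case that `curl --http3` against the advertised port would only reveal after deployment.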

Added 16 Mar 2026
Edited 22 Mar 2026
DEV INTEL Tools & Severity
🔵 Info ⚙ Fix effort: Medium
⚡ Quick Fix
Enable HTTP/3 in Nginx 1.25+ with quic and http3 directives — it eliminates TCP head-of-line blocking and reduces connection establishment to 0-RTT for returning visitors
📦 Applies To
any web
🔗 Prerequisites
🔍 Detection Hints
HTTP/2 in use but no HTTP/3 support; high latency on mobile networks where QUIC helps most
Auto-detectable: ✓ Yes curl chrome-devtools cloudflare
⚠ Related Problems
🤖 AI Agent
Confidence: Low False Positives: Medium ✗ Manual fix Fix: High Context: File

