HTTPS Checker

Security Tool

HTTP/2 and HTTP/3: What They Are and How to Enable Them

Most of the web still runs on HTTP/1.1, but HTTP/2 and HTTP/3 are widely supported now and can make your site feel faster. They don't replace HTTPS; they run on top of it. If you've already got SSL in place, enabling HTTP/2 or HTTP/3 is often a few config tweaks. Here's what they do and how to turn them on.

Key takeaways

  • HTTP/2 adds multiplexing, header compression, and server push. It runs over TLS, so you need HTTPS first.
  • HTTP/3 uses QUIC (UDP) instead of TCP. It can reduce latency and helps when packet loss is high. Browsers and CDNs support it more and more.
  • In Nginx you enable HTTP/2 in the listen directive. For HTTP/3 you need a build with QUIC and the right listen options.
  • Cloudflare enables HTTP/2 and HTTP/3 by default for proxied traffic. You can confirm in the dashboard or with our HTTP/3 checker.

What HTTP/2 gives you

HTTP/1.1 sends one request per connection (or a few with keep-alive) and headers are sent in plain text every time. HTTP/2 allows many requests over a single connection (multiplexing), compresses headers, and lets the server push resources before the client asks. In practice that means less overhead and faster loading when you have many small assets. All major browsers and most servers support it. The catch: it's defined to use TLS, so you need HTTPS. If your site is already on HTTPS, adding HTTP/2 is usually just a config change.

What HTTP/3 (QUIC) adds

HTTP/3 is built on QUIC, which uses UDP instead of TCP. One big win is that with QUIC, a lost packet doesn't block the whole connection; only that stream is affected. That can improve performance on shaky networks. HTTP/3 is still evolving but support is solid in Chrome, Edge, and Safari, and many CDNs and some origins support it. You can see if a site advertises HTTP/3 with our HTTP/3 checker.

Enabling HTTP/2 in Nginx

You need Nginx 1.9.5 or newer (with ALPN) and SSL. In your server block, add http2 to the listen directive for port 443.

Reload Nginx after changing the config. Clients that support HTTP/2 will negotiate it over the same HTTPS port. No separate port needed.

Enabling HTTP/3 in Nginx

HTTP/3 in Nginx requires a build that includes the QUIC module. Not all distros ship it yet. If you're on a recent Nginx mainline build with QUIC, you add a listen ... quic reuseport; directive and the appropriate SSL config. Because this varies by Nginx version and distro, check the official Nginx docs for your setup. Many teams skip running HTTP/3 on the origin and rely on Cloudflare or another CDN to handle it at the edge.

Cloudflare

If your site is behind Cloudflare, HTTP/2 is on by default for HTTPS traffic between the visitor and Cloudflare. You don't have to do anything. HTTP/3 (QUIC) is also enabled by default. You can confirm in the dashboard under Network: look for "HTTP/2" and "HTTP/3 (with QUIC)" and ensure they're on. The connection from Cloudflare to your origin can stay HTTP/1.1 or HTTP/2 depending on what your server supports; visitors still get the benefit of HTTP/2 or HTTP/3 to the edge.

Other hosts

Shared hosting and managed platforms often enable HTTP/2 automatically when you have SSL. Check your host's docs or control panel. If you use cPanel, look for "HTTP/2" or "HTTP/2 and SPDY" in the SSL/TLS section. For Apache, you need mod_http2 and Protocols h2 http/1.1 in your virtual host. Once it's enabled, our HTTPS report shows whether HTTP/2 is in use, and the HTTP/3 checker tells you if HTTP/3 is advertised.

Check your site

Run your domain through our free HTTPS checker to see the full picture: redirects, certificate, security headers, and whether HTTP/2 is detected. For HTTP/3 specifically, use the HTTP/3 checker to see if your site (or your CDN) advertises QUIC. No signup needed.

Check your domain with HTTPS Checker

Questions about HTTP/2 or HTTP/3 on your stack? We're happy to help.

Contact us