HTTP/2 vs HTTP/3 — which one should your server be serving?
// published 2026-04-17
HTTP/2 and HTTP/3 are the successors to HTTP/1.1. Most modern sites serve at least one of them, but detecting which (and whether you should) is fuzzier than it sounds. Here's the short version.
HTTP/2 — runs over TCP + TLS
HTTP/2 multiplexes many requests over a single TCP+TLS connection, uses binary framing instead of plaintext headers, and compresses headers with HPACK. It's been the practical web default since ~2017 — if you're on a CDN or modern origin stack, you're probably already serving it.
How to detect it: TLS ALPN ("Application-Layer Protocol Negotiation"). During the TLS handshake, the client advertises supported protocols and the server picks one. If the server picks h2, you have HTTP/2. This is authoritative — no guessing.
HTTP/3 — runs over QUIC (UDP)
HTTP/3 swaps TCP for QUIC, Google's UDP-based transport with built-in encryption and better loss recovery. It fixes HTTP/2's head-of-line blocking (one lost TCP packet stalled every multiplexed stream). On mobile networks where packet loss is common, HTTP/3 is noticeably snappier.
How to detect it: You can't do an ALPN negotiation for HTTP/3 because QUIC is a different transport entirely. Servers advertise HTTP/3 support via the Alt-Svc HTTP response header: alt-svc: h3=":443"; ma=86400. Clients see that, remember it for the ma (max-age) window, and try QUIC on the next request.
Does your server support them?
The HTTP/2 + HTTP/3 Checker does both — opens a TLS connection with ALPN, fetches the Alt-Svc header. Paste your domain and you'll see something like:
HTTP/2: supported (via ALPN h2)HTTP/3: advertised (Alt-Svc: h3=":443")
Should you enable HTTP/3?
- If you're behind Cloudflare / Fastly / CloudFront — it's a one-click toggle. Just enable it. Zero downside.
- If you run your own origin — nginx got mainline HTTP/3 support in 1.25. LiteSpeed, Caddy, and H2O support it natively. Enable it on the edge, not the origin — HTTP/3 to the edge plus HTTP/2 from edge to origin is the common pattern.
- Corporate networks may block UDP:443. Falling back to HTTP/2 over TCP is automatic (that's what
Alt-Svcis for — it's a hint, not a requirement), so there's no risk of breakage.
What the protocol doesn't fix
A slow TTFB is almost always your application, not the wire protocol. If your HTTP/1.1 site is slow because you're running 20 synchronous database queries per request, HTTP/3 will make it slightly less slow. Profile first, protocol-swap second.
Check your site: /tools/http-protocol-checker.