chrome experimental quic protocol

The Chromium Projects

Quic, a multiplexed transport over udp.

QUIC is a new multiplexed transport built on top of UDP. HTTP/3 is designed to take advantage of QUIC's features, including lack of Head-Of-Line blocking between streams.

The QUIC project started as an alternative to TCP+TLS+HTTP/2, with the goal of improving user experience, particularly page load times. The QUIC working group at the IETF defined a clear boundary between the transport( QUIC ) and application(HTTP/3) layers, as well as migrating from QUIC Crypto to TLS 1.3 .

Because TCP is implemented in operating system kernels and middleboxes, widely deploying significant changes to TCP is next to impossible. However, since QUIC is built on top of UDP and the transport functionality is encrypted, it suffers from no such limitations.

Key features of QUIC and HTTP/3 over TCP+TLS and HTTP/2 include

• Reduced connection establishment time - 0 round trips in the common case
• Improved congestion control feedback
• Multiplexing without head of line blocking
• Connection migration
• Transport extensibility
• Optional unreliable delivery

IETF documents

• Version-Independent Properties of QUIC - RFC8999
• QUIC: A UDP-Based Multiplexed and Secure Transport - RFC9000
• Using TLS to Secure QUIC - RFC9001
• Congestion Control and Loss Detection - RFC9002
• HTTP/3 - IESG approved draft
• QPACK - IESG approved draft

Documentation

• SIGCOMM 2017 Paper
• QUIC overview
• A Guide to Parsing QUIC Client Hellos for Network Middlebox Vendors
• Legacy QUIC wire specification (versions up to and including Q043)
• Legacy QUIC wire specification (versions from Q044 to Q048 inclusive)
• Cleartext QUIC wire specification (versions Q049 and above)
• QUIC crypto design doc
• Getting started with the QUIC toy client and server
• QUIC tech talk
• QUIC Discovery
• QUIC FEC v1 (deprecated)
• QUIC flow control

Pre-Working Group IETF Material

• Introduction
• QUIC Protocol Overview
• Implementing QUIC For Fun And Learning (Christian Huitema, Microsoft)
• QUIC Congestion Control and Loss Recovery
• Initial Presentation at IETF-88 ( Slides )
• QUIC Connection Migration demo
• Chrome implementation
• Standalone test server and client

Mailing lists

• [email protected] - QUIC mailing list specific to Chromium
• [email protected] - QUIC working group mailing list

Abridged QUIC Version History

• In 2012, Google started working on QUIC
• In 2013, Chrome started small-scale experiments with the original versions of QUIC (those versions are now known as Google QUIC)
• In 2014, Chrome started a wide-scale deployment of Google QUIC
• In 2015, Google brought QUIC to the IETF
• In 2017, the IETF started creating versions of QUIC that diverged from Google QUIC (those new versions were then called IETF QUIC)
• In 2020, Chrome started wide-scale experiments with IETF QUIC
• In 2021, the IETF officially published QUIC as RFC 9000. Chrome added support for RFC 9000 in Chrome 90 and default-enabled it for all users in Chrome 93

How to Disable Experimental QUIC Protocol (Chrome, Edge, Firefox, and Opera)

QUIC (Quick UDP Internet Connections) is a transport layer network protocol.

It’s used in browsers like Chrome to improve web performance and security.

It does this by combining the low-latency benefits of UDP with the reliability features of TCP.

This allows faster connection establishment and better handling of network congestion.

In this guide, you’ll learn how to disable the Experimental QUIC Protocol on Chrome, Edge, Firefox, and Opera.

Disable QUIC Protocol on Chrome

Disable quic protocol on edge, disable quic protocol on firefox, disable quic protocol on opera.

• Type “ chrome://flags/ ” (without quotation marks) on the Chrome address bar and press Enter.
• Search for “Experimental QUIC protocol”.
• Change the option to “Disabled”.
• Select “Relaunch” to apply the changes.

• Type “ edge://flags ” (without quotation marks) on the Edge address bar and press Enter.
• Select “Restart” to apply the changes.
• Type “ about:config ” (without quotation marks) on the Firefox address bar and press Enter.
• Select “Accept the Risk and Continue”.
• Search for “network.http.http3.enabled”.
• Double-click the “network.http.http3.enabled” preference to set its value to False.
• Restart the Firefox browser to apply the changes.
• Type “ opera://flags ” (without quotation marks) on the Opera address bar and press Enter.
• Restart the Opera browser to apply the changes.

Further reading

How to Fix “Windows protected your PC” Pop Up

How to Fix “Error downloading the file content” in Outlook

How to Fix Microphone too Quiet in OBS

You may also like

Star Wars Jedi Academy AR Quiz Answers

How to Get Yellow Obsidian Ring in Genshin Impact

How to Use Valorstones in WoW

About the author.

Lim How Wei

Lim How Wei is the founder of followchain.org, with 8+ years of experience in Social Media Marketing and 4+ years of experience as an active investor in stocks and cryptocurrencies. He has researched, tested, and written thousands of articles ranging from social media platforms to messaging apps.

Lim has been quoted and referenced by major publications and media companies like WikiHow, Fast Company, HuffPost, Vice, New York Post, The Conversation, and many others. One of his articles about the gig economy was quoted by Joe Rogan who hosts The Joe Rogan Experience (arguably the most popular podcast in the world), in the This Past Weekend podcast by Theo Von.

In his free time, Lim plays multiple games like Genshin Impact, League of Legends, Counter-Strike, Hearthstone, RuneScape, and many others. He creates guides, walkthroughs, solutions, and more on games that he plays to help other players with their progression.

How to Enable HTTP/3 (QUIC) Protocol in Chrome

HTTP/3 is finally getting the much needed boost with Cloudflare, Google Chrome, and Firefox adding support for the QUIC protocol. While Google has already added QUIC as an experimental feature in the Chrome Canary version 79, Firefox will be rolling out support to a Nightly build later this fall.

For the unaware, HTTP/3 is the future of web. It is a completely re-written HTTP protocol that is used to move content from a website’s server to a client software such as web browsers and mobile apps. HTTP/3 uses QUIC protocol instead of TCP which the previous and current (HTTP/2) protocol uses. All in all, HTTP/3 is faster, noticeably faster than anything we have seen before.

Google and Cloudflare have now opened the protocol for public testing. However, websites need to move to HTTP/3 as well for you to see the benefits of using a HTTP3 enabled browser. Thankfully, webmasters using using Cloudflare’s CDN services for their sites, can now enable support for HTTP/3 from their Cloudflare dashboard.

Enabling HTTP/3 (QUIC) support in Chrome

HTTP/3 support is currently supported in Chrome Canary version 79 and above. Chrome Canary is the bleeding edge releases of Chrome, it can be pretty unstable and you should not use it for mainstream work. You can download Chrome Canary from the link below.

Run the Google Chrome Canary installer that you downloaded from the link above, and install the browser on your computer.

Once installed, launch Chrome Canary on your computer. Then type chrome://flags in the address bar and hit enter to access Chrome’s experimental features page.

In the search box on the Experiments page, type “QUIC” in the search box and to filter out all experimental features and quickly find the “Experimental QUIC protocol” flag.

Click on the “Default” drop-down menu box next to “Experimental QUIC protocol” flag, and select “Enabled” from the available options.

After selecting “Enabled” for the QUIC protocol feature, a “Relaunch” button will appear at the bottom of the screen. Click on it to relaunch Chrome Canary and enable QUIC protocol.

That’s it. QUIC protocol is now activate in your Chrome Canary installation. HTTP/3 and QUIC supported websites should load faster now, if you can find any.

FYI, google.com , youtube.com , android.com , and most other Google owned domains already support QUIC protocol.

Claude Sonnet 3.5 vs. ChatGPT-4o: Which is better?

5 best AI Web Browsers in 2024

7 best AI search engines in 2024

Get all the latest posts delivered straight to your inbox., member discussion.

• Español – América Latina
• Português – Brasil
• Tiếng Việt
• Chrome for Developers

RTCQuicTransport Coming to an Origin Trial Near You (Chrome 73)

The RTCQuicTransport is a new web platform API that allows exchanging arbitrary data with remote peers using the QUIC protocol. It’s intended for peer to peer use cases, and therefore is used with a standalone RTCIceTransport API to establish a peer-to-peer connection through ICE . The data is transported reliably and in order (see section below for details on unordered & unreliable delivery). Since it is a generic, bidirectional data transport, it can be used for gaming, file transfers, media transport, messaging, etc.

A powerful low level data transport API can enable applications (like real time communications) to do new things on the web. You can build on top of the API, creating your own solutions, pushing the limits of what can be done with peer to peer connections, for example, unlocking custom bitrate allocation knobs. In the future, further support for encoded media could even enable building your own video communication application with low level controls. WebRTC’s NV effort is to move towards lower level APIs, and experimenting early with this is valuable.

The QUIC protocol is desirable for real time communications. It is built on top of UDP, has built in encryption, congestion control and is multiplexed without head of line blocking. The RTCQuicTransport gives very similar abilities as the RTCDataChannel API, but uses QUIC rather than SCTP as its transport protocol. Because the RTCQuicTransport is a standalone API, it doesn’t have the overhead of the RTCPeerConnection API, which includes the real time media stack.

General API overview

The API has 3 main abstractions, the RTCIceTransport , RTCQuicTransport and RTCQuicStream .

RTCIceTransport

ICE is a protocol to establish peer-to-peer connections over the internet and is used in WebRTC today. This object provides a standalone API to establishes an ICE connection. It is used as the packet transport for the QUIC connection, and the RTCQuicTransport takes it in its constructor.

RTCQuicTransport

Represents a QUIC connection. It is used to establish a QUIC connection and create QUIC streams. It also exposes relevant stats for the QUIC connection level.

RTCQuicStream

Used for reading and writing data to/from the remote side. Streams transport data reliably and in order. Multiple streams can be created from the same RTCQuicTransport and once data is written to a stream it fires an “onquicstream” event on the remote transport. Streams offer a way to distinguish different data on the same QUIC connection. Common examples can be sending separate files across separate streams, small chunks of data across different streams, or different types of media across separate streams. RTCQuicStream s are lightweight, are multiplexed over a QUIC connection and do not cause head of line blocking to other RTCQuicStream s.

Connection Setup

The following is an example for setting up a peer-to-peer QUIC connection. Like RTCPeerConnection , the RTCQuicTransport API requires the use of a secure signaling channel to negotiate the parameters of the connection, including its security parameters. The RTCIceTransport negotiates it’s ICE parameters (ufrag and password), as well as RTCIceCandidate s.

Client perspective:

Server perspective:, data transfer.

Data transfer can be achieved using the RTCQuicStream APIs for reading and writing:

The promises returned by the waitFor* methods allow buffering data when JavaScript is busy. Back pressure is applied to the send side when the read buffer becomes full on the receive side. The send side has a write buffer that can fill when back pressure has been applied, and therefore the write side has a waitForWriteBufferedAmountBelow method as well to allow waiting for room in the buffer to write. More information on writing/reading data can be found in the further developer documentation .

Unordered/Unreliable Delivery

While an RTCQuicStream only supports sending data reliably and in order, unreliable/unordered delivery can be achieved through other means. For unordered delivery, one can send small chunks of data on separate streams because data is not ordered between streams. For unreliable delivery, one can send small chunks of data with finish set to true, followed by calling reset() on the stream after a timeout. The timeout should be dependent on how many retransmissions are desired before dropping the data.

The origin trial will start in the Chrome 73 version, and will be available up to and including the M75 version. After this the origin trial will end. Based upon feedback and interest we will make appropriate changes and either ship the API, continue with a new origin trial of this API, or discontinue the API.

Chrome browser in all platforms but iOS.

One of the main goals of the origin trial is to get feedback from you, the developers. We’re interested in:

• What does this API enable for you?
• How does this API improve upon other data transport APIs ( WebSocket s or WebRTC’s RTCDataChannel )? How could it improve?
• Performance
• API ergonomics

Register for the origin trial

• Request a token for your origin.
• Add an origin-trial <meta> tag to the head of any page. For example, this may look something like: <meta http-equiv="origin-trial" content="TOKEN_GOES_HERE">
• If you can configure your server, you can also provide the token on pages using an Origin-Trial HTTP header. The resulting response header should look something like: Origin-Trial: TOKEN_GOES_HERE

Web Specification

The draft specification has moved ahead of the API in the origin trial including:

• Unidirectional streams that are more closely aligned with WHATWG streams
• Disabling retransmissions
• (Coming soon) datagrams

We are interested in implementing the full specification and beyond (including WHATWG stream support), but want to hear your feedback first!

Security in the QUIC handshake is enforced through usage of a pre shared key to establish an encrypted P2P QUIC connection. This key needs to be signaled over a secure out of band channel with confidentiality and integrity guarantees. Note that the key will be exposed to JavaScript.

Active Attack

Unlike DTLS-SRTP, which just requires integrity for signaling the certificate fingerprint, signaling the pre shared key requires integrity and confidentiality. If the PSK is compromised (say by the server in the signaling channel), an active attacker could potentially mount a man-in-the-middle attack against the QUIC handshake.

Current status

Helpful Links

• Further documentation
• Public explainer
• Tracking bug
• Request an origin trial token
• How to use an origin trial token
• Discussion on issues for RTCQuicTransport
• Discussion on issues for RTCIceTransport

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2019-01-31 UTC.

Chromium Blog

A quic update on google’s experimental transport.

• 10th birthday 4
• abusive ads 1
• abusive notifications 2
• accessibility 3
• ad blockers 1
• ad blocking 2
• advanced capabilities 1
• anti abuse 1
• anti-deception 1
• background periodic sync 1
• benchmarks 1
• better ads standards 1
• browser interoperability 1
• capabilities 6
• capable web 1
• chrome 81 1
• chrome 83 2
• chrome 84 2
• chrome ads 1
• chrome apps 5
• Chrome dev 1
• chrome dev summit 1
• chrome dev summit 2018 1
• chrome dev summit 2019 1
• chrome developer 1
• Chrome Developer Center 1
• chrome developer summit 1
• chrome devtools 1
• Chrome extension 1
• chrome extensions 3
• Chrome Frame 1
• Chrome lite 1
• Chrome on Android 2
• chrome on ios 1
• Chrome on Mac 1
• Chrome OS 1
• chrome privacy 4
• chrome releases 1
• chrome security 10
• chrome web store 32
• chromedevtools 1
• chromeframe 3
• chromeos.dev 1
• cloud print 1
• coalition 1
• coalition for better ads 1
• contact picker 1
• content indexing 1
• core web vitals 2
• cumulative layout shift 1
• custom tabs 1
• dashboard 1
• Data Saver 3
• Data saver desktop extension 1
• deceptive installation 1
• declarative net request api 1
• developer dashboard 1
• Developer Program Policy 2
• developer website 1
• devtools 13
• digital event 1
• discoverability 1
• DNS-over-HTTPS 4
• emscriptem 1
• enterprise 1
• extensions 27
• Fast badging 1
• faster web 1
• field data 1
• first input delay 1
• form controls 1
• frameworks 1
• google earth 1
• google event 1
• google io 2019 1
• google web developer 1
• googlechrome 12
• harmful ads 1
• incognito 1
• insecure forms 1
• intent to explain 1
• ios Chrome 1
• issue tracker 3
• javascript 5
• labelling 1
• largest contentful paint 1
• lazy-loading 1
• lighthouse 2
• Lite Mode 2
• Lite pages 1
• loading interventions 1
• loading optimizations 1
• lock icon 1
• long-tail 1
• manifest v3 2
• microsoft edge 1
• mixed forms 1
• native client 8
• native file system 1
• New Features 5
• notifications 1
• origin trials 2
• pagespeed insights 1
• pagespeedinsights 1
• passwords 1
• payment handler 1
• payment request 1
• performance 20
• performance tools 1
• permission UI 1
• permissions 1
• play store 1
• prefetching 1
• privacy sandbox 4
• private prefetch proxy 1
• profile guided optimization 1
• progressive web apps 2
• Project Strobe 1
• protection 1
• quieter permissions 1
• root program 1
• safe browsing 2
• Secure DNS 2
• security 36
• site isolation 1
• slow loading 1
• sms receiver 1
• spam policy 1
• store listing 1
• subscription pages 1
• suspicious site reporter extension 1
• the fast and the curious 23
• transparency 1
• trusted web activities 1
• user agent string 1
• user data policy 1
• web assembly 2
• web developers 1
• web intents 1
• web packaging 1
• web payments 1
• web platform 1
• web request api 1
• web vitals 1
• web.dev live 1
• webassembly 1
• webmaster 1
• websockets 5
• webtiming 1
• writable-files 1
• yerba beuna center for the arts 1

The QUIC Transport Protocol: Design and Internet-Scale Deployment

Research areas, learn more about how we conduct our research.

We maintain a portfolio of research projects, providing individuals and teams the freedom to emphasize specific types of work.

Stack Exchange Network

Stack Exchange network consists of 183 Q&A communities including Stack Overflow , the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

What's the chrome default for QUIC protocol?

Navigating to chrome://flags/#enable-quic in Chrome, I can see that the "experimental quic protocol" is set to default.

Having it set to enabled means it's enabled, and disabled means it's disabled, pretty straightforward.

But what's default equal to? Enabled? Disabled? Something in between?

If you go to chrome://net-internals/#quic you can see your live QUIC session.

Since I have live QUIC session, I assume they're enabled.

But is there a difference with default and enabled?

• google-chrome

2 Answers 2

By default QUIC is enabled, but only for websites that support it, such as Google's own websites.

Wikipedia QUIC says this :

As of December 2017, 97.5% of websites using QUIC are running LiteSpeed Web Server.

If you are curious about which websites support it, the extension HTTP/2 and SPDY indicator adds an indicator button for HTTP/2, SPDY and QUIC support for each website.

Actually, since December 2018 the default setting seems to disable QUIC on Chrome Version 71.0.3578.98 (Official Build) (64-bit) d.d. 9th January 2019. I don't know why this has been changed without notice.

You must log in to answer this question.

Not the answer you're looking for browse other questions tagged google-chrome ..

• The Overflow Blog
• Where does Postgres fit in a world of GenAI and vector databases?
• Mobile Observability: monitoring performance through cracked screens, old...
• Featured on Meta
• Announcing a change to the data-dump process
• Bringing clarity to status tag usage on meta sites

Hot Network Questions

• How can I typeset \sim-like arrow?
• How to create a grid of numbers 25x25 from 1 to 625 in geometry node?
• Parse Minecraft's VarInt
• How can I draw intersection of a sphere and a plane?
• Does it pay to put effort in fixing this problem or better reinstall Ubuntu 24.04 from scratch?
• Which Mosaic law was in the backdrop of ceremonial hand-washing in Mark 7?
• Rings demanding identity in the categorical context
• What unique phenomena would be observed in a system around a hypervelocity star?
• What does this translated phrase convey "The heart refuses to obey."?
• If Starliner returns safely on autopilot, can this still prove that it's safe? Could it be launched back up to the ISS again to complete it's mission?
• Extending line bundle to regular model
• The Fourth Daughter
• Why is the movie titled "Sweet Smell of Success"?
• What is the highest apogee of a satellite in Earth orbit?
• What does "CD military" mean on this sign at this crossing point between East Berlin and West Berlin? (June/July 1989)
• How did Oswald Mosley escape treason charges?
• Motion of the COM of 2-body system
• Math format bug for \mathbf command in TeXLive 2023/2024
• AM-GM inequality (but equality cannot be attained)
• Held Action Sneak attack after action surge
• Who was the "Dutch author", "Bumstone Bumstone"?
• What's the translation of a refeed in French?
• Where does the energy in ion propulsion come from?
• How do eradicated diseases make a comeback?

• Stack Overflow for Teams Where developers & technologists share private knowledge with coworkers
• Advertising & Talent Reach devs & technologists worldwide about your product, service or employer brand
• OverflowAI GenAI features for Teams
• OverflowAPI Train & fine-tune LLMs
• Labs The future of collective knowledge sharing
• About the company Visit the blog

Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Get early access and see previews of new features.

QUIC Mode Detection in Chrome

I was wondering if anybody knew of a way to detect in Chrome whether QUIC mode is enabled? Or to disallow the site from using that protocol?

i ask as it sometimes causes my application to bug, and if it could be disabled for that website alone then that would make my site work better :)

Thanks! Alex

• google-chrome

• 1 Block port 80 UDP –  Farkie Commented Aug 30, 2016 at 8:39
• Ahha, I guess I didn't know quick was on the same port as HTTP... Im using PeerJS to make two way communication between computers so HTTP is required. I guess if its on the same port there is no way. Thanks. –  Bogomip Commented Aug 31, 2016 at 0:31
• 1 HTTP is TCP, QUIC is UDP.. you could just block the UDP traffic –  Farkie Commented Aug 31, 2016 at 7:14

There are seval ways to block/disable QUIC. Here I can suggest some:

Method 1 : Disable Experimental QUIC protocol on Google Chrome browser.

This can be done by opening Google Chrome, in the URL type chrome://flags . Look for Experimental QUIC protocol and disable it.

Method 2 : Block UDP port 80 and port 443 on your custom firewall service

Detect QUIC in Chrome : If you want to see if your connection to Chrome uses QUIC, here is a browser extension that can tell you. Moreover, you can find all the details about Chrome’s QUIC usage under the net-internals flag ( chrome://net-internals/#quic ).

Your Answer

Reminder: Answers generated by artificial intelligence tools are not allowed on Stack Overflow. Learn more

Sign up or log in

Post as a guest.

Required, but never shown

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy .

Not the answer you're looking for? Browse other questions tagged javascript php google-chrome or ask your own question .

• The Overflow Blog
• Where does Postgres fit in a world of GenAI and vector databases?
• Mobile Observability: monitoring performance through cracked screens, old...
• Featured on Meta
• Announcing a change to the data-dump process
• Bringing clarity to status tag usage on meta sites
• What does a new user need in a homepage experience on Stack Overflow?
• Staging Ground Reviewer Motivation
• Feedback requested: How do you use tag hover descriptions for curating and do...

Hot Network Questions

• How can moral disagreements be resolved when the conflicting parties are guided by fundamentally different value systems?
• magnetic boots inverted
• Why does average of Monte Carlo simulations not hold for simple problem?
• What unique phenomena would be observed in a system around a hypervelocity star?
• What does "CD military" mean on this sign at this crossing point between East Berlin and West Berlin? (June/July 1989)
• Do angels have different dwelling places?
• Motion of the COM of 2-body system
• Why is the movie titled "Sweet Smell of Success"?
• Felt VR40 - 2020
• How much easier/harder would it be to colonize space if humans found a method of giving ourselves bodies that could survive in almost anything?
• Can I endow the following 3-manifold with a hyperbolic metric?
• Maximizing the common value of both sides of an equation
• Encode a VarInt
• How to remove obligation to run as administrator in Windows?
• Which hash algorithms support binary input of arbitrary bit length?
• What's the translation of a refeed in French?
• Does the order of ingredients while cooking matter to an extent that it changes the overall taste of the food?
• Has a tire ever exploded inside the Wheel Well?
• How can I draw intersection of a sphere and a plane?
• What prevents a browser from saving and tracking passwords entered to a site?
• What is the purpose of these 33-ohm series resistors on the RMII side of the LAN8742A?
• Is 3 ohm resistance value of a PCB fuse reasonable?
• Cannot open and HTML file stored on RAM-disk with a browser
• Coding exercise to represent an integer as words using python

• Apps and Tools
• Product Agnostic
• Malware and Technologies

[KB6757] Disable QUIC protocol in Google Chrome browser

• In some cases, Web Protection and Parental Control / Web Control may not work correctly when support for QUIC is enabled in Google Chrome or Microsoft Edge
• If you have encountered some of these functionality issues, you may try to disable QUIC support in Google Chrome or Microsoft Edge manually

QUIC (Quick UDP Internet Connections) is an experimental transport layer network protocol designed by Google and announced publicly in 2013 as a part of Chromium version 29 of Chrome internet browser. The protocol was designed to support secure connection with low latency and bandwidth requirements.

QUIC is currently enabled by default in the Chromium-based internet browsers and some of the sites (including Google and YouTube) offer connection via this protocol.

The idea of QUIC is to make transport that would work better for internet than TCP. Using UDP helps to optimize transport layer algorithms and use its specific cryptography (in comparison to TLS on HTTPS on TCP). For the small percentages of users with blocked UDP, QUIC reverts automatically back to TCP based connectivity.

Follow the steps below to disable QUIC protocol on Google Chrome or Microsoft Edge internet:

Open Google Chrome or Microsoft Edge.

In the URL address field, type chrome://flags and press Enter . For Microsoft Edge users, type edge://flags and press Enter . 

Chrome is known for its simplicity and speed. Despite this, there are a lot of extra tools under the hood. This includes several experimental features that can be accessed through special Chrome Flags.

Considering these are all test features that might not even make it to the stable version of Chrome, bugs are expected. Nonetheless, if you are willing to go through the occasional hiccup, some enable an improved browsing experience. Let’s take a look at some of our favorites.

What is a Chrome Flag?

Chrome Flags are experimental features Google hasn’t released yet, but you can access and try. Just remember these aren’t ready for an official release just yet. This means they may not work very well all of the time. You may encounter the occasional hiccup, bug, or crash.

How do you access Chrome Flags settings?

No matter how much you dig into menus and options, you won’t find them in the settings unless you know how to access this section. You need to know your way in!

How to access the Chrome Flags page:

• Open Chrome .
• Click on the address and delete any URL that might be in it.
• Type the following in the address bar: “chrome://flags/” (without quotation marks).
• Press Enter .
• You are in!

By the way, these steps work both on mobile and desktop. That said, not all Chrome Flags are available for all platforms. There are two primary tabs on the page: Available and Unavailable. Some of these experimental features are only available on specific devices. You can’t use features made for Android on devices like a laptop, for example.

How to enable a Chrome Flag:

• Once you find yourself within the page, go ahead and search for the Chrome Flag you want to try out.
• Select the drop-down menu under the Flag you want to use. It usually reads either Default or Disabled .
• Select Enabled .
• You’ll need to relaunch Chrome most of the time. Hit Relaunc h if the option shows up.

Note: These instructions were assembled using a Google Pixel 7 running Android 14. These steps are identical across all Chrome browsers, though. The same steps will work on desktop and iOS.

Are Chrome Flags safe?

Once in the Chrome Flags settings, you will see a warning message telling you about the dangers of using them. This is because experimental features can cause issues and hiccups in the browser. They are usually not too unstable, but some can be. Regardless, you can easily disable them.

How to disable Chrome Flags:

• Access the Chrome Flags settings as directed in the previous section.
• Find the experimental Chrome Flag you want to disable.
• Select the drop-down menu and select Disabled .
• Alternatively, you can press the button in the top-right corner that says Reset all to deactivate all of them.
• You’ll need to relaunch Chrome most of the time. Hit Relaunch if the option shows up.

The best Chrome Flags

Smooth scrolling, touch ui layout.

• QUIC Protocol
• Zero-copy rasterizer
• Force Dark Mode
• Parallel Downloading

Show autofill predictions

Live caption.

• GPU rasterization

Chrome Refresh 2023

Override software rendering list, partial swap.

Editor’s note: We’ll regularly update this list with new Chrome Flags. All instructions moving forward were put together using a custom PC running Windows 11 and Chrome version 122.0.6261.129, unless otherwise specified.

Ever notice your scrolling stutter or that it can get a bit sluggish? There could be many reasons it’s happening, but this Chrome Flag will likely improve the situation. Search for “Smooth Scrolling” in the search bar and enable the feature. It’s a great feature Android users should enable, but you can also use it on Windows, Linux, and Chrome OS.

Many convertible laptops, Windows tablets, and other devices now come with capable touch screens. This makes it possible to interact with content more naturally. Sometimes, the desktop interface doesn’t work well with touch commands, though. The browser has a touch-optimized UI hidden in the Chrome Flags.

In the search bar, search for “Touch UI Layout.” Click on the drop-down menu next to it and select Enabled .

Experimental QUIC Protocol

Certain Chrome Flags speed up your browsing experience. QUIC is Google’s protocol, and it’s designed to make the web faster. Enabling this one will speed things up, but only when websites have been optimized for it. Something is better than nothing, though!

On the main page, search for “Experimental QUIC Protocol.” Click on the drop-down menu next to it and select Enabled .

Enable Zero-copy rasterizer

If you want Chrome’s general performance to be faster, one neat trick is to enable Zero-copy rasterizer. This will allow Chrome threads to write directly to the GPU for tile management. In turn, Chrome should operate faster, at least theoretically. Whether you’ll actually notice a difference is another story. Also, it makes Chrome more prone to crashes. You can definitely give it a try, though.

Search for “Zero-copy rasterizer” and enable it in the drop-down Chrome Flags menu.

Auto Dark Mode for Web Contents

Dark Mode is pretty cool, both aesthetically and for eye comfort reasons . If you are also a fan of it, you want all website content to support it. Sadly, not all websites cooperate, but a secondary option forces the option on all websites.

Open the Chrome Flags page and search for “Auto Dark Mode for Web Contents.” Enable the feature through the drop-down menu next to it.

Parallel Downloading Chrome Flag

Waiting for large files to download can be a hassle. Let’s cut delays by dividing downloads into multiple files to be downloaded simultaneously.

Search for “Parallel Downloading” and enable the feature using the drop-down menu to the right.

Nobody likes filling out forms, so Google simplifies this process using autofill. Still annoying? You can automatically have Chrome autofill form information by enabling the “Show autofill predictions” feature.

Search for “Show Autofill Predictions” and enable the feature using the drop-down menu to the right.

Some video players and websites offer captions, but this isn’t a universal feature. Those who want transcripts for all recognized words in media can use the Live Caption Chrome Flag.

Search for “Live Caption” and enable it.

GPU Rasterization

Is Chrome simply not fast enough for you? We know how you can harness the full power of your computer to speed things up. There’s a trick, though; you need to have a dedicated GPU for this one to make any improvements to Chrome’s performance. GPU Rasterization allows Chrome to take some of the workload off the CPU and have your GPU take care of it.

Here’s how to do it. Search for “GPU rasterization” and enable the feature using the drop-down menu.

Chrome is starting to look a bit outdated, right? Everything is kind of square and dull. If you want a more modern design, go into the Chrome Flags and enable “Chrome Refresh 2023.” The new design hasn’t been pushed out to all users, but Google has been working on it. It resembles Material You, with more colorful and playful hues and rounded corners. Additionally, it will feel better on touchscreen devices, as Material You is a mobile-focused design language.

GPU acceleration on Chrome is usually only available for supported devices. But, of course, there is a Chrome Flag for nearly everything. You can force Chrome to use GPU acceleration, even on unsupported devices. Just be warned that this may cause compatibility issues, as systems are often not supported for a reason.

Just look for “Override software rendering list” and enable the Chrome Flag.

Partial Swap improves memory management, and can supercharge your browser’s performance. It basically swaps memory usage, prioritizing tabs and tasks you are using at the moment. The thing is, this can also cause issues from time to time.

Partial swap comes enabled by default, so search for “Partial swap” to disable it. Or, if it’s disabled, you can try to enable it and see if it helps.

Using Chrome Flags is safe, but it can make your experience a bit buggy. The team also warns you could lose data and compromise privacy. This is just Google being careful, though. The worst that can usually happen is that you’ll need to relaunch Chrome and turn off the Chrome Flags, if anything goes wrong.

Chrome Flags are experimental features the Google team is testing. The team will make these official Chrome features once they are in good working order, if they are deemed worthy. This isn’t always the case, though. Additionally, Chrome Flags are often killed.

You can use Chrome Flags on both mobile and desktop browsers, but not all Chrome lags are available on every device. Some are desktop or mobile-specific. However, Chrome will separate unavailable Flags and put them into the Unavailable tab.

Enable QUIC protocol in Google Chrome

Want to help support this blog? Try out Oh Dear , the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Mattias Geniar, July 29, 2016

Follow me on Twitter as @mattiasgeniar

Google has support for the QUIC protocol in the Chrome browser, but it’s only enabled for their own websites by default. You can enable it for use on other domains too – assuming the webserver supports it. At this time, it’s a setting you need to explicitly enable.

To start, open a new tab and go to chrome://flags/ . Find the Experimental QUIC protocol and change the setting to Enabled . After the change, restart Chrome .

To find out of QUIC is enabled in your Chrome in the first place, go to chrome://net-internals/#quic .

In my case, it was disabled (which is the “default” value).

After changing the setting to enable QUIC support and restarting Chrome, the results were much better.

On the same page, you can also get a live list of which sessions are using the QUIC protocol. If it’s enabled, it’ll probably only be Google services for now.

I’m working on a blogpost to explain the QUIC protocol and how it compares to HTTP/2, so stay tuned for more QUIC updates!

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly .

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.

How Google's QUIC Protocol Impacts Network Security and Reporting

Etienne Liebetrau

QUIC is a new protocol designed by Google to make the web faster and more efficient. It's on by default in Google Chrome and used by a growing list of websites. Unfortunately, most, if not all, firewalls do not currently recognize QUIC traffic as 'web' traffic, therefore it is not inspected, logged or reported on, leaving a gaping hole in your network's security.

This article describes how QUIC works, its current consequences on network security and reporting, and how you can resolve the issues associated with QUIC.

Google has always been obsessed with speed and over the years they have made numerous efforts to make the web more efficient and more performant. The new kid on the block for performance improvement is a protocol named QUIC . Where SPDY and HTTP/2 were iterative improvements on HTTP over TCP, QUIC is a different approach using UDP as the transport protocol.

QUIC is essentially HTTP/2 over UDP which is a new layer4 protocol.

At the time of writing this article, QUIC is still 'experimental', but is enabled by default in Google Chrome, and can be enabled in Opera 16. Other browsers will surely follow once the protocol is finalized. It is implemented on all Google web properties such as Google Search, YouTube, Gmail, Drive etc, and is being adopted by a growing list of other websites .

How QUIC Impacts Network Security

The issue is not with the protocol or the technology itself. The supposed upside of QUIC is that it makes web communications more efficient and faster. The problem is that it is not supported by security appliances such as firewalls yet, and has therefore inadvertently created a security hole for many organizations.

Most firewalls have extensive functionality when dealing with HTTP and HTTPS traffic. In most architectures, when HTTP traffic is detected, it is passed on to a web protection module that performs web filtering, deep packet inspection etc. HTTP traffic gets special treatment because the firewalls can interpret the traffic from Layer4 up to layer 7. This special treatment includes malware scanning and in most cases, enhanced reporting.

QUIC uses the traditional HTTP ports of 80 and 443 but that is where the similarities end. The supporting browsers and servers support this new protocol and are able to process it as web traffic, but the network device in between cannot determine the application protocol and switches to treating it like any generic layer 4 UDP traffic.

QUIC traffic is therefore not scrutinized as it should be and it is not forwarded to the firewall's web protection features.

The images below compare the Wireshark capture of traditional HTTPS TLS traffic with QUIC.

The real world implications of QUIC traffic range from not being able to restrict access to YouTube or enforce Google Safe Search, through to malware or ransomware being downloaded through Gmail or any other QUIC enabled website.

To compound the issue, you will most likely not be aware of any problems since the logging and reporting engines tied to the web protection features are also affected.

To further complicate things, the standards have not been locked down yet and the protocol is frequently revised, which is a reason why firewalls have not yet caught up.

How QUIC Impacts Logging and Reporting

From a reporting perspective, this means you cannot log and report on the full URLs of QUIC traffic, such as Google Search or YouTube, meaning search term alerts , or viewing a list of YouTube videos watched is not possible when QUIC is enabled.

Since the different firewalls do not recognize QUIC traffic as web traffic, they typically only log the traffic in their firewall log as generic UDP traffic. This means that the rich logging data we expect from HTTP traffic is not generated, logged or sent out via syslog.

Here is an example of normal TCP web traffic being detected by the Sophos XG firewall module and being passed onto the web protection module. Note how the firewall log contains relatively little data compared to the Webfilter log that records details such as URL, site cetegory etc.

Here is an example of the same site being accessed using QUIC. The firewall logging is still there but the web logging is not. All of the rich logging information is gone.

Products such as Fastvue Reporter rely on the ability of the firewall to correctly identify and log the web traffic. If you have seen a recent decline in traffic to and from Google sites (including YouTube, Gmail, Drive etc) there is a high probability that your firewall is allowing QUIC.

Did you know: Fastvue Reporter produces clean, simple, web usage reports using log data from your UTM or firewall that you can confidently send to department managers and HR team. It also helps to to support IT and network security teams with managing bandwith, reducing IT workload and troubleshooting with ease thanks to live alerts, dashboards and scheduled reports.

Resolving the QUIC issue

The good news is that if QUIC communication does not work between a client and a server, the traffic will fall back to traditional HTTP/HTTPS over TCP, where it can be inspected, controlled, logged and reported on as usual.

At the time of writing, the advice from most firewall vendors is to block QUIC until support is officially added to their products. This recommended method will vary from firewall to firewall.  Some firewalls allow QUIC by default while others block it by default, but all firewalls are able to allow or block it.

Common methods are to block either a defined QUIC protocol, QUIC application type, or create a firewall rule to block UDP on port 80 and 443. We suggest you seek guidance from your firewall manufacturer for recommended actions.

Here are some guides on blocking QUIC with some popular firewalls:

• How to Block QUIC with SonicWall
• How to Block QUIC with Sophos XG
• How to Block QUIC with Fortinet Fortigate
• How to Block QUIC with Palo Alto Networks
• How to Block QUIC with WatchGuard

Before you block UDP on port 443 consider the following. Using HTTP packets over UDP is not new or even unique to QUIC. OpenVPN which provides SSL VPN is capable of using either TCP or UDP as the transport. Have a look at the UDP users on the network and determine if it is safe to block all UDP traffic on port 443.

The Growing Use of QUIC

At the time of writing this article, QUIC is enabled by default when you use the Google Chrome browser, and you can enable QUIC in Opera 16. All the other major browsers do not yet support QUIC. But as Chrome currently claims 60% of the web browser market, this is not a point to ignore.

There was a time when only Google properties were implementing QUIC, such as Google Search, YouTube, Gmail and so on. However as it is an open protocol, it is now in use by a growing list of popular websites (such as meetup.com), as well a growing list of bad actors as they catch on to the fact that QUIC is a great way to effectively bypass malware scanners and content filters. So this point especially cannot be ignored!

How to check if you have QUIC

Depending on the configuration of your browser and firewall, you may be using QUIC without even knowing it. The simplest test to see if you QUIC is enabled in your environment is to use the Developer Tools native in the Chrome browser. Go to the Network tab, ensure you include the Protocol column, and then browse to any of the Google sites such as https://www.google.com

If you see items with the Protocol http/2+quic/39 then you are using QUIC.

You can also view active QUIC sessions by entering chrome://net-internals/#quic in your address bar. Alternatively, you can add a Chrome browser extension to indicate which pages are served by QUIC.

You can also disable QUIC in your browser, by going to entering chrome://flags in your address bar, and setting the  Experimental QUIC protocol option to Disabled .

Are there downsides to disabling or blocking QUIC?

Despite everything above, QUIC is generally a good thing for the world as it makes web communications more efficient and faster between a browser and the server, and who doesn't want their web pages to load faster, and to have less buffering when watching adorable puppy videos on YouTube?

However, the general consensus (at least for now) is that there is no noticeable difference for the average user when QUIC is enabled.

The websites will still work, so you might as well choose security over a tiny increase in performance.

To summarize, QUIC is a new protocol designed by Google to make the web faster and more efficient. It's on by default in Google Chrome and used by a growing list of websites. Unfortunately, most, if not all, firewalls do not currently recognize QUIC traffic as 'web' traffic, therefore it is not inspected, logged or reported on, leaving a gaping hole in your network's security.

Blocking QUIC at the firewall will force the browser and server to fall back to standard HTTP/HTTPS, allowing the traffic to be inspected, protected and reported on as usual.

Take the pain out of reporting on Web Usage and Network Traffic.

Now that you're clued in on QUIC, why not make your life easier and setup Fastvue Reporter ? Fastvue Reporter consumes syslog data from UTMs and Firewalls and produces clean, simple, web usage reports that you can confidently send to department managers and HR team. Automate reports and get the job of reporting on web usage off your desk and into the hands of people that need it. Take a look at the benefits and features available to IT and network security teams to fully understand the capabilities of Fastvue Reporter and how it can assist your business.

Take Fastvue Reporter for a test drive

Download our FREE 30-day trial, or schedule a demo and we'll show you how it works.

• Share this story facebook twitter linkedIn

The Best SonicWall Configuration for Detailed Logging and Reporting

How to Enable Dark Mode in Fortinet FortiGate (FortiOS 7.0)

Get the Reddit app

A reddit dedicated to the profession of Computer System Administration.

Does anyone disable QUIC in Google Chrome as suggested in STIG standards?

Beyond if you are required because you have to enforce it because you have to follow stig standards.

By continuing, you agree to our User Agreement and acknowledge that you understand the Privacy Policy .

Enter the 6-digit code from your authenticator app

You’ve set up two-factor authentication for this account.

Enter a 6-digit backup code

Create your username and password.

Reddit is anonymous, so your username is what you’ll go by here. Choose wisely—because once you get a name, you can’t change it.

Reset your password

Enter your email address or username and we’ll send you a link to reset your password

Check your inbox

An email with a link to reset your password was sent to the email address associated with your account

Choose a Reddit account to continue

The QUIC Transport Protocol: Design and Internet-Scale Deployment

New citation alert added.

This alert has been successfully added and will be sent to:

You will be notified whenever a record that you have chosen has been cited.

To manage your alert preferences, click on the button below.

New Citation Alert!

Please log in to your account

Information & Contributors

Bibliometrics & citations, view options, supplementary material.

• Tauqeer M Gohar M Koh S Alquhayz H (2024) Use of QUIC for Mobile-Oriented Future Internet (Q-MOFI) Electronics 10.3390/electronics13020431 13 :2 (431) Online publication date: 19-Jan-2024 https://doi.org/10.3390/electronics13020431
• Lei G Wu J Gu K Jiang F Li S Jiang C (2024) A novel anomaly detection model for secure multipath QUIC communications by jointly using empirical mode decomposition and long short-term memory networks Intelligent Decision Technologies 10.3233/IDT-230261 (1-22) Online publication date: 6-Jan-2024 https://doi.org/10.3233/IDT-230261
• Brito J Moreno J Contreras L Caamaño M (2024) Architecture and Methodology for Green MEC Services Using Programmable Data Planes in 5G and Beyond Networks 2024 IFIP Networking Conference (IFIP Networking) 10.23919/IFIPNetworking62109.2024.10619774 (738-743) Online publication date: 3-Jun-2024 https://doi.org/10.23919/IFIPNetworking62109.2024.10619774
• Show More Cited By

Index Terms

Network protocols

Cross-layer protocols

Network protocol design

Transport protocols

Recommendations

Implementation and performance evaluation of the quic protocol in linux kernel.

QUIC is a new transport layer protocol proposed by Google that is rapidly increasing its share from Internet traffic. It is designed to improve performance for HTTPS connections and partly replace TCP, the dominant standard of Internet for decades, in ...

Multipath QUIC: Design and Evaluation

Quick UDP Internet Connection (QUIC) is a recent protocol initiated by Google that combines the functions of HTTP/2, TLS, and TCP directly over UDP, with the goal to reduce the latency of client-server communication. It can replace the traditional HTTP/...

Unreliable transport protocol using congestion control for high-speed networks

Currently there is no control for the real-time traffic of multimedia applications using UDP (User Datagram Protocol) in high-speed networks. Therefore, although a number of high-speed TCP (Transmission Control Protocol) protocols have been developed ...

Information

Published in.

• SIGCOMM: ACM Special Interest Group on Data Communication

Association for Computing Machinery

New York, NY, United States

Publication History

Permissions, check for updates.

• Research-article
• Refereed limited

Acceptance Rates

Contributors, other metrics, bibliometrics, article metrics.

• 530 Total Citations View Citations
• 25,591 Total Downloads
• Downloads (Last 12 months) 4,127
• Downloads (Last 6 weeks) 349
• Rybowski N Pelsser C Bonaventure O (2024) OFIQUIC: Leveraging QUIC in OSPF for Seamless Network Topology Changes 2024 IFIP Networking Conference (IFIP Networking) 10.23919/IFIPNetworking62109.2024.10619718 (1-9) Online publication date: 3-Jun-2024 https://doi.org/10.23919/IFIPNetworking62109.2024.10619718
• ITO S KANAYA T NAKAO A OGUCHI M YAMAGUCHI S (2024) Deeply Programmable Application Switch for Performance Improvement of KVS in Data Center IEICE Transactions on Information and Systems 10.1587/transinf.2023DAP0009 E107.D :5 (659-673) Online publication date: 1-May-2024 https://doi.org/10.1587/transinf.2023DAP0009
• Qin L Liu L Chen L Li D Shi Y Yang H (2024) UniSAV: A Unified Framework for Internet-Scale Source Address Validation Proceedings of the 2024 Applied Networking Research Workshop 10.1145/3673422.3674888 (81-87) Online publication date: 23-Jul-2024 https://dl.acm.org/doi/10.1145/3673422.3674888
• Asim R Subramanian L Zaki Y (2024) Impact of Congestion Control on Mixed Reality Applications Proceedings of the 2024 SIGCOMM Workshop on Emerging Multimedia Systems 10.1145/3672196.3673395 (21-26) Online publication date: 4-Aug-2024 https://dl.acm.org/doi/10.1145/3672196.3673395
• Gao Q Wang C Yin Y Zhang G Qian X (2024) PATS:A Packet-Arrival-Time based Scheduler For MPQUIC Proceedings of the 2024 3rd International Conference on Networks, Communications and Information Technology 10.1145/3672121.3672144 (126-131) Online publication date: 7-Jun-2024 https://dl.acm.org/doi/10.1145/3672121.3672144
• Brahmakshatriya A Rinard C Ghobadi M Amarasinghe S (2024) NetBlocks: Staging Layouts for High-Performance Custom Host Network Stacks Proceedings of the ACM on Programming Languages 10.1145/3656396 8 :PLDI (467-491) Online publication date: 20-Jun-2024 https://dl.acm.org/doi/10.1145/3656396
• Brown L Marx E Bali D Amaro E Sur D Kissel E Monga I Katz-Bassett E Krishnamurthy A McCauley J Narechania T Panda A Shenker S Sekar V Yu M Seneviratne A Veitch D (2024) An Architecture For Edge Networking Services Proceedings of the ACM SIGCOMM 2024 Conference 10.1145/3651890.3672261 (645-660) Online publication date: 4-Aug-2024 https://dl.acm.org/doi/10.1145/3651890.3672261

View options

View or Download as a PDF file.

View online with eReader .

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Share this publication link.

Copying failed.

Share on social media

Affiliations, export citations.

• Please download or close your previous search result export first before starting a new bulk export. Preview is not available. By clicking download, a status dialog will open to start the export process. The process may take a few minutes but once it finishes a file will be downloadable from your browser. You may continue to browse the DL while the export process is in progress. Download
• Download citation
• Copy citation

We are preparing your search results for download ...

We will inform you here when the file is ready.

Your file of search results citations is now ready.

Your search export query has expired. Please try again.

QUIC in the wild

Thanks to Yan Zhu of Brave; also, our sincere thanks to Ilya Grigorik, Eric Lawrence, Mike West, and Andrew Howden of Google for their assistance.

Back-story: Brave users reported ads getting past our ad-blocking shields in previous Chromium versions, beginning with reports of  ads displaying on YouTube.com on October 11, 2016 . uBlock Origin users had  reported similar bugs . We discovered during testing that disabling QUIC seemed to stop these ads. As a result, we pushed an update to disable QUIC in Brave on January 25, 2017. This update appears to have temporarily abated the incoming bug reports about ads getting past our shields.

We’ve concluded our investigation of YouTube ads getting past ad blockers, and can confirm that ad blocking with QUIC re-enabled operates as expected in Chrome 58 with uBlock Origin.

We would like to end on a positive note about QUIC. It realizes significant speedups, due to round trip reductions and other advantages, over the HTTPS/TCP/IP alternative. As the post details, we suggest others in ad tech become familiar with it to benefit from the same advantages Google is seeing.  05/10/17 – 3:45pm PDT

When we inspected web page traffic via chrome://net-internals, we discovered that QUIC requests were and still are being used for a majority of Google’s ad domains

What is QUIC?

Originally announced in 2013, QUIC (Quick UDP Internet Connections) is an experimental network protocol, which runs on top of the UDP protocol and is usually requested through port 443 with an Alternative Service HTTP request header flag ( example:   alt-svc:quic="googleads.g.doubleclick.net:443" ). A QUIC working group has been established to standardize the protocol; QUIC is currently still considered experimental.

From a high level, QUIC requests pack several round trips into a single, one-way request, including the security (TLS) handshake. Google’s diagram from their  2015 blog post on the topic  helps illustrate the round trip savings:

• QUIC is enabled by default in Google’s Chrome browser and underlying Chromium open source browser code. As of March 2017, Chrome accounts for  58.9% of users browsing the web .
• Brave blocks QUIC requests. QUIC is an opt-in feature in Opera, and is currently not available in other Firefox, Edge, and Safari. HTTPS requests containing the  alt-svc: quic=":443"  response header fall back to traditional TCP connections in other browsers, or when QUIC fails in Chrome.
• QUIC use has not flown completely under the radar. Google’s April 2015 blog post on QUIC mentioned that roughly 50% of Google traffic was being requested from Chrome/Chromium with QUIC.  Missing from the announcement and other QUIC documentation  is any mention of QUIC usage in Google’s Doubleclick ad requests, or in Google Analytics tracking requests.

How can I review QUIC sessions and requests?

QUIC runs on top of the UDP protocol. QUIC requests are often made through the same port (443) that is used for TCP requests. Aside from some corporate firewalls that block UDP requests by their protocol number, making QUIC requests to port 443 helps requests get through firewalls configured to allow TCP requests to that port, independent of the protocol number in the IP header. This is a clever hack that dramatically reduces adoption friction, by avoiding the need for firewall reconfiguration in most cases.

• Chrome shows QUIC requests in Chrome Developer Tools. If you want to distinguish between QUIC and HTTP in the Network interface, right click to select and reveal the Protocol column.
• QUIC requests are visible in the  chrome://  internal browser URLs, and of course in WireShark and other lower-level packet sniffing tools.

Tips for observing QUIC traffic

The easiest way to capture and observe QUIC traffic in detail is within the  chrome://net-internals  interface. Some  chrome://net-internals shortcuts are included below for reference.

• To view the QUIC settings and session connections within the dedicated QUIC panel, enter the following address in the URL bar in Chrome:  chrome://net-internals#quic
• To view QUIC session requests in the Events panel, enter the following address in the URL bar in Chrome:  chrome://net-internals/#events&q=type:QUIC_SESSION
• To access the alt-svc panel to view domains that contain the  quic :443 , Alternative Service HTTP response header, enter the following address in the URL bar in Chrome:  chrome://net-internals/#alt-svc
• To export a JSON log that includes QUIC request traffic, enter the following address in the URL bar in Chrome:  chrome://net-internals/#export
• The  HTTP/2 and SPDY indicator  Chrome extension provides a shortcut to the  chrome://net-internals  Events panel.
• Within the Network section of the Chrome Developer Tools, users can right click to reveal the Protocol column, which will show  http/2+quic/36  as the request protocol. This column is not displayed with default settings in Developer Tools.

To disable QUIC

• Enter  chrome://flags/  into the URL bar in Chrome.
• Locate the  Experimental QUIC protocol  flag.
• Click to expand the drop down menu and select  Disabled

QUIC and Google ad requests

When we inspected web page traffic via  chrome://net-internals , we discovered that QUIC requests were and still are being used for a majority of Google’s ad domains, including domains involved with bidding such as the one below:

14419 : QUIC_SESSION  

Google domains that made requests within QUIC sessions