We’re excited to announce that the Sucuri Web Application Firewall (WAF) now supports HTTP/3, the latest version of the HTTP protocol. This upgrade brings significant performance improvements and enhanced security features to all websites protected by our WAF. The best part? It works automatically – if your visitor’s browser supports HTTP/3, they’ll immediately benefit from these improvements.
What is HTTP/3?
HTTP/3 represents the next evolution in web communication protocols, building upon the foundations laid by HTTP/2 while addressing its key limitations. The most significant change is the switch from TCP to QUIC, a new transport protocol built on UDP. This fundamental change brings several important benefits to your website’s performance and security.
Key Improvements Over HTTP/2
Faster Connection Establishment
HTTP/3 combines the cryptographic and transport handshakes into a single step, significantly reducing the time needed to establish a connection. While HTTP/2 requires multiple round trips between the client and server to set up a connection, HTTP/3 can often establish secure connections in just one round trip, and even zero rounds for returning visitors.
Better Performance Under Real-World Conditions
One of HTTP/2’s main limitations was head-of-line blocking, where a lost packet could temporarily block all other data streams. HTTP/3 eliminates this issue by implementing independent streams, ensuring that a problem with one stream doesn’t affect others. This means your website visitors will experience:
- More consistent loading times, especially on mobile networks
- Better performance when network conditions are less than ideal
- Smoother transitions when switching between networks (e.g., from WiFi to cellular)
Enhanced Security by Default
HTTP/3 integrates TLS 1.3 by default, providing the latest security standards for all connections. This ensures that all data transferred between your visitors and your website is protected by state-of-the-art encryption.
What This Means for Your Website
With Sucuri WAF HTTP/3 support, your website will automatically serve content using the most efficient protocol available to each visitor. Here’s what you can expect:
- Faster page loads, especially for visitors on high-latency or unreliable networks
- Improved mobile user experience with better handling of network changes
- Enhanced security through mandatory encryption
- No configuration needed – it just works
Browser Compatibility
HTTP/3 support is already available in major browsers including Chrome, Firefox, and Edge. While Safari currently treats HTTP/3 as an experimental feature, support continues to grow across all platforms. You can use tools like Domsignal to confirm HTTP/3 is enabled on your site. Visitors using browsers that don’t support HTTP/3 will automatically fall back to HTTP/2 or HTTP/1.1, ensuring a seamless experience for everyone.
Looking Forward
The addition of HTTP/3 support to our WAF represents our ongoing commitment to providing cutting-edge performance and security features to our customers. As web protocols continue to evolve, you can count on Sucuri to stay ahead of the curve, ensuring your website remains fast, secure, and accessible to all visitors.
No action is required on your part to enable HTTP/3 – it’s automatically available to all Sucuri WAF customers. Your visitors will immediately begin experiencing these performance improvements if their browsers support the protocol.
To learn more about how the Sucuri WAF protects and optimizes your website, visit our knowledge base or chat with our team.
Antony Garand
Cesar Anjos
Alycia Mitchell
Luke Leal
Néstor Angulo
Ben Martin
Victor Santoyo
Ashley Sand
Juliana Lewis