HTTP/2 & HTTP/3 Checker

Test whether a website supports modern HTTP protocols and inspect its security configuration.

What does this tool check?

This tool probes a website for modern HTTP protocol support and security configuration:

  • HTTP/2 — connects using ALPN (Application-Layer Protocol Negotiation) during the TLS handshake to confirm whether the server supports HTTP/2 (h2). HTTP/2 provides multiplexed streams, header compression, and binary framing — significantly improving page load performance compared to HTTP/1.1.
  • HTTP/3 — inspects the Alt-Svc response header for an h3 entry. HTTP/3 runs over QUIC (UDP) instead of TCP, reducing connection latency especially on lossy networks. If the server advertises HTTP/3 and our infrastructure supports QUIC, we attempt a direct verification.
  • HTTPS redirect — tests whether a plain HTTP request to port 80 is redirected to HTTPS. This is a baseline security requirement.
  • HSTS — checks for the Strict-Transport-Security header and parses its max-age, includeSubDomains, and preload directives.
  • Security headers — checks for eight key HTTP security headers (CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP, COEP) and flags any that are missing.