Enabling HTTP/3 can improve real-world performance for an Apache site by moving web traffic onto QUIC, which is designed to handle packet loss and network changes more gracefully than TCP. On mobile networks and lossy Wi‑Fi, this often reduces stalls caused by transport-level head‑of‑line blocking and can shorten reconnect times after roaming between networks.

HTTP/3 is the HTTP mapping over QUIC (UDP), with encryption and connection setup handled by TLS 1.3 inside the protocol. Browsers typically learn that h3 is available via the Alt-Svc response header and then attempt an HTTP/3 connection to the same hostname on UDP 443 while keeping HTTP/2 or HTTP/1.1 as an automatic fallback.

Direct HTTP/3 support inside Apache HTTP Server depends on the build and available QUIC libraries, so many deployments terminate QUIC at a CDN or reverse proxy and forward requests to the origin over standard HTTPS. UDP must be permitted end-to-end to the QUIC terminator, and an incorrect or cached Alt-Svc advertisement can cause confusing client behavior during testing. Keeping HTTPS healthy first and starting with a short advertisement lifetime (ma) reduces risk during rollout. The example below fronts Apache with a local Caddy reverse proxy that advertises HTTP/3 and proxies to Apache on port 80.

Related: How to optimize Apache web server performance
Related: How to enable HTTP/2 protocol support in Apache
Related: How to configure Let's Encrypt SSL in Apache

Steps to enable HTTP/3 in Apache:

  1. Install a QUIC-capable frontend (example: Caddy) and configure it to proxy to the local Apache origin. This sample uses an internal certificate and advertises h3 on UDP 8443 with a short cache time. 
    https://localhost:8443 {
    tls internal
    encode gzip
    header {
        Alt-Svc "h3=\":8443\"; ma=60"
    }
    reverse_proxy http://127.0.0.1:80
}

    If you keep HTTPS on 443, run Caddy (or your edge) with privileges that allow binding 443 and leave the advertisement as h3=":443".

  2. Start or reload the frontend so it listens with HTTP/1.1, HTTP/2, and HTTP/3, then confirm HTTPS is healthy and that Alt-Svc is present. 
    $ curl -k -I https://localhost:8443/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Alt-Svc: h3=":8443"; ma=60
Content-Length: 10671
Content-Type: text/html
Date: Sun, 11 Jan 2026 06:40:33 GMT
Etag: "29af-6480f24215cc8"
Last-Modified: Sat, 10 Jan 2026 21:15:28 GMT
Server: Caddy
Server: Apache/2.4.58 (Ubuntu)
Vary: Accept-Encoding
  3. Allow inbound UDP on the advertised port (443 or your alternate like 8443) all the way to the QUIC terminator.

    Some firewalls or load balancers allow TCP 443 but block UDP by default; open the matching UDP port for HTTP/3.

  4. Verify HTTP/3 negotiation with an HTTP/3-capable client (for example, curl built with ngtcp2/nghttp3 or a browser network inspector). 
    $ curl -k -I --http3 https://localhost:8443/
HTTP/3 200
content-length: 10671
vary: Accept-Encoding
etag: "29af-6480f24215cc8"
accept-ranges: bytes
server: Caddy
server: Apache/2.4.58 (Ubuntu)
content-type: text/html
date: Sun, 11 Jan 2026 06:40:44 GMT
last-modified: Sat, 10 Jan 2026 21:15:28 GMT
alt-svc: h3=":8443"; ma=60

    If your default curl lacks --http3, install or build a curl with HTTP/3 support, or validate via a browser network inspector that shows h3 as the request protocol.