HTTP/3 Fingerprints: Identifying Clients in the QUIC Era

By May 2025, HTTP/3 traffic accounted for nearly 35% of all internet traffic . With this rapid adoption, the question naturally arises: can HTTP/3 traffic be fingerprinted in the same way as HTTP/2? The short answer is yes . Revisiting HTTP/2 Fingerprints Fingerprinting in HTTP/2 is well-established. For example, opening https://tls.browserleaks.com/json with Chrome 136 shows the following akamai_text field: { "akamai_text" : "1:65536;2:0;4:6291456;6:262144|15663105|0|m,a,s,p" } This string is divided into four parts, each corresponding to an HTTP/2 feature: Settings – e.g., 1:65536;2:0;4:6291456;6:262144 . Representing values from the HTTP/2 settings frame. Window Update – the value of the window_update frame. Weight – now deprecated, so browsers typically send 0 . Pseudo Headers – HTTP/2 defines pseudo-header fields such as :method , :path , etc., and their order varies across clients. By combining these values, it is straightforward to distinguish a request from a legitimate browser

HTTP/3 Fingerprints: Identifying Clients in the QUIC Era

Related Articles

Put your SSH keys in your TPM chip

Ursa - a new Iceberg-first storage engine for Kafka

Capsicum vs seccomp: Process Sandboxing

My Finance Team Spends 2 Days Every Month on Invoice Matching. Its Insane.

Why Aren't We uv Yet?

Related Articles

News
Put your SSH keys in your TPM chip
Lobsters • 20m ago

News
Ursa - a new Iceberg-first storage engine for Kafka
Lobsters • 1h ago

News
Capsicum vs seccomp: Process Sandboxing
Lobsters • 2h ago

News
My Finance Team Spends 2 Days Every Month on Invoice Matching. Its Insane.
Dev.to • 3h ago

News
Why Aren't We uv Yet?
Lobsters • 4h ago