Are there any risks or potential issues when enabling HTTP/3 and 0-RTT?

I want to enable HTTP/3 and 0-RTT on my sites, but I am worried it may cause problems for my visitors.

Are there any potential issues that might occur when enabling these or can I safely do it?

Also, what is the purpose of having an option to disable or enable these options?


Only nerds with pre-release versions of browsers are using HTTP/3, so I would not worry too much about them having issues. You are also not going to see any massive benefit today, given the limited user agents supporting H3.

0-RTT has potential security issues you should consider before enabling, but I have not experienced any issues. 0-RTT will show greatest benefit if your users on on high latency connections.

I consider both to be pretty safe.

As to why there is an option to enable/disable them? H3 is still in development, so it would be a terrible move to enable it for everybody by default with no option to disable. And 0-RTT might have security issues for customers it needs to be configurable.

Thank you very much for the feedback.