What to test here
This website is available under multiple different hostnames and so allows switching between protocols. Every hostname enforces exactly the protocols its name implies — via DNS HTTPS records (RFC 9460) and server-side ALPN enforcement. If you want to learn more about how those mechanisms drive protocol selection, read DNS HTTPS Records and Alt-Svc. Click any hostname below to load the page on that host; the protocol widget in the header updates to show what was actually negotiated.
To see all hostnames polled in parallel and compare protocol negotiation across the full matrix in one view, open the Protocol Detection page.
Legend
Each protocol is indicated by its color badge as shown here. H3 stands for HTTP/3 (HTTPS — TLS encrypted), H1C stands for HTTP/1.1 in cleartext (HTTP — not TLS encrypted). Different browsers show different protocol selection behavior. We show the expected behavior for the most widely used browsers and indicate each with a small logo.
Reference Hostnames — all ports
Both hostnames accept every protocol on every port and serve as the baseline
for comparison. Together they isolate Alt-Svc behavior: the
apex sends Alt-Svc: h3=":443" so Chrome upgrades to
H3 on the second load. www carries the same DNS HTTPS record
(Safari connects H3 directly) but sends no Alt-Svc. If your SSE
product strips Alt-Svc, Chrome will stay on H2 from www.
| Hostname | Protocols | Alt-Svc | DNS HTTPS ALPNs | Browser (direct) |
|---|---|---|---|---|
sse-testcenter.org
curlcurl --http3 https://sse-testcenter.org/ |
H3 H2 H1 H2C H1C | ✓ H3:443 | h3:p1, h2:p2, http/1.1:p3 |
S
H3
C
H2
→
H3
|
www.sse-testcenter.org
curlcurl --http2 https://www.sse-testcenter.org/ |
H3 H2 H1 H2C H1C | — no header | h3:p1, h2:p2, http/1.1:p3 |
S
H3
C
H2
|
TLS Hostnames — port 443
Each hostname enforces only the protocols its name lists — the server rejects
ALPN tokens it does not advertise. The DNS HTTPS record priority (p1 preferred)
lets you verify whether an SSE gateway respects the advertised ALPN order. Note
that h3 (H3-only) is the most demanding: Chrome has no Alt-Svc to
learn from and cannot fall back to H2, so it may fail on a direct connection
unless it follows the DNS HTTPS record.
| Hostname | Protocols | DNS HTTPS ALPNs | Alt-Svc | Browser (direct) |
|---|---|---|---|---|
h1-h3.sse-testcenter.org
curlcurl --http3 https://h1-h3.sse-testcenter.org/ |
H3 H2 H1 | h3:p1, h2:p2, http/1.1:p3 | ✓ H3:443 |
S
H3
C
H2
→
H3
|
h2-h3.sse-testcenter.org
curlcurl --http3 https://h2-h3.sse-testcenter.org/ |
H3 H2 | h3:p1, h2:p2 | ✓ H3:443 |
S
H3
C
H2
→
H3
|
h1-h2.sse-testcenter.org
curlcurl --http2 https://h1-h2.sse-testcenter.org/ |
H2 H1 | h2:p1, http/1.1:p2 | — |
S
H2
C
H2
|
h2.sse-testcenter.org
curlcurl --http2 https://h2.sse-testcenter.org/ |
H2 | h2:p1 | — |
S
H2
C
H2
|
h1.sse-testcenter.org
curlcurl --http1.1 https://h1.sse-testcenter.org/ |
H1 | http/1.1:p1 | — |
S
H1
C
H1
|
h3.sse-testcenter.org
curlcurl --http3 https://h3.sse-testcenter.org/ |
H3 | h3:p1 | — |
S
H3
C
⚠ may fail
|
TLS Hostnames — port 8443
The DNS HTTPS records for these hostnames advertise port 8443, not the
default :443. This creates two distinct test scenarios: clicking a link
without an explicit port tests whether the client follows the DNS
HTTPS port hint; clicking with :8443 forces the port directly.
A gateway that does not follow the DNS record will attempt :443 and fail.
The URL uses the default HTTPS port. A client that reads the DNS HTTPS record will connect to :8443 as advertised. One that ignores it tries :443 and gets a connection refused — the server does not listen on :443 for these hostnames.
| Hostname | Protocols | DNS HTTPS ALPNs | Alt-Svc | Browser (direct) |
|---|---|---|---|---|
h2-8443.sse-testcenter.org
curlcurl --http2 https://h2-8443.sse-testcenter.org:8443/ |
H2 | h2:p1 on :8443 | — |
S
H2
on :8443
C
⚠ may fail
|
h3-8443.sse-testcenter.org
curlcurl --http3 https://h3-8443.sse-testcenter.org:8443/ |
H3 | h3:p1 on :8443 | — |
S
H3
on :8443
C
⚠ may fail
|
h2-h3-8443.sse-testcenter.org
curlcurl --http3 https://h2-h3-8443.sse-testcenter.org:8443/ |
H3 H2 | h3:p1, h2:p2 on :8443 | ✓ H3:8443 |
S
H3
on :8443
C
⚠ may fail
|
The URL includes :8443 explicitly, so all clients connect to the
right port regardless of DNS HTTPS support. This is the baseline for comparing
protocol negotiation at port 8443 without the port-hint variable.
| Hostname | Protocols | DNS HTTPS ALPNs | Alt-Svc | Browser (direct) |
|---|---|---|---|---|
h2-8443.sse-testcenter.org:8443
curlcurl --http2 https://h2-8443.sse-testcenter.org:8443/ |
H2 | h2:p1 on :8443 | — |
S
H2
C
H2
|
h3-8443.sse-testcenter.org:8443
curlcurl --http3 https://h3-8443.sse-testcenter.org:8443/ |
H3 | h3:p1 on :8443 | — |
S
H3
C
⚠ may fail
|
h2-h3-8443.sse-testcenter.org:8443
curlcurl --http3 https://h2-h3-8443.sse-testcenter.org:8443/ |
H3 H2 | h3:p1, h2:p2 on :8443 | ✓ H3:8443 |
S
H3
C
H2
→
H3
|
Cleartext Hostnames — port 80
No TLS. Most modern browsers will show a "Not Secure" indicator. SSE products typically inspect cleartext HTTP even when they do not perform TLS inspection. Note that H2C requires the client to send the HTTP/2 connection preface without ALPN negotiation — many proxies do not support it.
| Hostname | Protocols |
|---|---|
h1c.sse-testcenter.org
curlcurl --http1.1 http://h1c.sse-testcenter.org/ |
H1C |
h2c.sse-testcenter.org
curlcurl --http2-prior-knowledge http://h2c.sse-testcenter.org/ |
H2C |
h1c-h2c.sse-testcenter.org
curlcurl --http2-prior-knowledge http://h1c-h2c.sse-testcenter.org/ |
H2C H1C |
Cleartext Hostnames — port 8080
Same as the port 80 group but on port 8080. Useful for testing forward proxy configurations that intercept a specific alternate port.
| Hostname | Protocols |
|---|---|
h1c-8080.sse-testcenter.org
curlcurl --http1.1 http://h1c-8080.sse-testcenter.org:8080/ |
H1C |
h2c-8080.sse-testcenter.org
curlcurl --http2-prior-knowledge http://h2c-8080.sse-testcenter.org:8080/ |
H2C |
h1, h2, h3 — single protocol only, no fallbackh1-h2, h2-h3, h1-h3 — range; all listed protocols acceptedc suffix — cleartext (no TLS): h1c, h2c, h1c-h2c-8443 suffix — DNS HTTPS record advertises port 8443-8080 suffix — cleartext service on port 8080Want to see all hostnames at a glance? The Protocol Detection page polls every hostname in parallel and shows the negotiated protocol for each — useful for a quick overview when you are not inspecting a specific host.