Port 443 is officially assigned to both TCP and UDP. For most of its history, port 443 has been synonymous with TCP, carrying virtually all encrypted web traffic (HTTPS). But with the arrival of HTTP/3, port 443 now handles a growing share of UDP traffic as well.
Why Port 443 Is Traditionally TCP
When you visit any website starting with “https://,” your browser opens a TCP connection on port 443. TCP guarantees that data arrives in order and without errors, which matters when you’re loading a banking page or submitting a password. The browser initiates a TCP request, then performs a TLS handshake: your device and the server exchange certificates, verify each other’s identity, and agree on encryption keys. Only after that multi-step handshake does actual page data start flowing. This TCP-based process has been the backbone of secure web browsing since the mid-1990s.
The IANA (the organization that officially assigns port numbers) has port 443 registered for “http protocol over TLS/SSL” on TCP, UDP, and even SCTP. But until recently, the UDP registration was mostly theoretical. Firewalls, enterprise networks, and server configurations all treated port 443 as a TCP-only port.
How HTTP/3 Changed the Picture
HTTP/3, the latest version of the protocol that powers the web, runs on a transport layer called QUIC, which uses UDP instead of TCP. QUIC builds reliability and encryption directly into itself rather than relying on separate TCP and TLS layers. The result is faster connection setup (fewer round trips before data starts flowing) and better performance on unstable connections like mobile networks.
QUIC sends its traffic to UDP port 443. As of mid-2025, roughly 38% of all websites support HTTP/3, and every major browser (Chrome, Firefox, Edge) has it enabled by default. Safari has been slower to adopt it but supports it in newer versions. This means a large and growing chunk of everyday web browsing now generates UDP port 443 traffic alongside traditional TCP port 443 traffic.
What This Means for Firewalls
Many firewalls and network configurations were set up years ago to allow outbound TCP 443 and nothing else. That worked fine when HTTPS was TCP-only. Now, blocking UDP 443 can silently degrade performance. Browsers that can’t reach a server over UDP 443 will fall back to TCP 443, so pages still load, but you lose the speed benefits of HTTP/3. You won’t see an error message; things just run slower than they could.
If you manage a firewall or home router, allowing outbound UDP 443 is increasingly a practical necessity. For inbound traffic, you only need to open UDP 443 if you’re running a web server that supports HTTP/3. Most enterprise firewall documentation, including Microsoft’s, still lists port 443 as TCP for services like HTTPS, SharePoint, and remote management. That documentation is accurate for those specific services but incomplete for modern browser traffic.
Other Services That Use Port 443
Port 443 isn’t just for web browsing. Because it’s almost universally allowed through firewalls, many other applications piggyback on it. VPN tools like SoftEther tunnel encrypted traffic over TCP 443, making VPN connections look like normal HTTPS traffic to network filters. Video calling platforms (FaceTime, Cisco Webex), remote desktop tools (AnyDesk), cloud file sync services (Syncthing, ASUS AiCloud), and IoT device management platforms like Ubiquiti UniFi all use port 443 for at least part of their communication. Even some gaming consoles route traffic through TCP 443 for PlayStation Network and certain multiplayer titles.
The common thread is that port 443 is the “always open” port on almost every network. If an application needs to punch through restrictive firewalls, port 443 is the first choice.
How to Check If Port 443 Is Open
On Windows, the built-in PortQry tool lets you test both protocols with simple commands. To check TCP, run portqry.exe -n yourserver.com -p tcp -e 443. For UDP, swap tcp for udp. You can also use -p both to test TCP and UDP simultaneously.
On macOS or Linux, nc -zv yourserver.com 443 tests TCP connectivity. UDP is harder to test reliably from the command line because UDP doesn’t send back a clear “connection established” response the way TCP does. Tools like nmap -sU -p 443 yourserver.com can probe UDP, but results are less definitive since a lack of response could mean the port is open or that packets were silently dropped.
TCP vs. UDP on Port 443: A Quick Comparison
- TCP 443: Used by traditional HTTPS (HTTP/1.1 and HTTP/2), VPN tunnels, remote desktop tools, and most enterprise services. Reliable, ordered delivery with a separate TLS handshake.
- UDP 443: Used by HTTP/3 via the QUIC protocol. Faster connection setup, built-in encryption, and better handling of packet loss. Growing rapidly but still falls back to TCP when blocked.
The short answer: port 443 is both TCP and UDP. TCP remains dominant, but UDP is no longer optional if you want modern web performance.