HTTP/3 aka QUIC is an experimental network transport protocol developed by Google.
Any chromium-based browser supports this protocol, and it is enabled by default. The feature is commonly seen when the browser connects to Google web services, such as Google and YouTube, though there are other websites that use this as well.
The POST traffic between chromium-based browsers and these services is sent using UDP on port 443, and in some scenarios, the traffic can bypass the Cloud Secure Web Gateway (SWG)
SEP Tunnel Mode
SESC Tunnel Mode
If you are running the WSS Agent, SEP Tunnel Mode and SESC Tunnel Mode with the option to Allow HTTP/3 checked.
The agent will allow the QUIC or HTTP/3 protocol DIRECT and it will bypass Cloud SWG and its policy.
You will need to remove the check mark under Allow HTTP/3 in the Cloud SWG Console under Connectivity > WSS Agent > WSS Agent Configuration.
The agent will block the QUIC or HTTP/3 protocol and the browser will default to use the HTTPS protocol.
If you have a business requirement or a preference for the highest performance, you can instruct the Web Security Service to bypass QUIC connections. For security reasons, be advised that Symantec does not recommend this option as you can run into an issue like the one mentioned in the article. Because QUIC is UDP-based, these connections are bypassed at the client end-point, which means the traffic is not checked against policy nor is reporting against the WSS Agent possible. Only select this bypass option if the highest performance for these clients supersedes the security requirements.
Any other access method to the Cloud SWG can use the steps shown below.
The Google Chrome GPO template can be obtained here.
The following Windows registry key (or Mac/Linux preference) can be used to disable QUIC in Chrome, and can be enforced via GPO or equivalent: