Why we ship UDP proxy support out of the box
HTTP/SOCKS proxies are no longer sufficient. We explain why, and what Loki does about QUIC and HTTP/3 traffic.
If you ran browser profiles five years ago, an HTTP or SOCKS5 proxy was enough. Today it is not, and the gap is widening. Major sites — every Google property, half the Cloudflare edge, large parts of Meta — now serve traffic over HTTP/3, which runs on top of QUIC, which is a UDP protocol.
If your proxy stack only tunnels TCP, your browser will negotiate HTTP/3, send some packets directly over UDP that bypass the proxy entirely, and reveal your real IP. The site sees one fingerprint over your proxy and one IP over UDP. That mismatch is a clear bot signal.
What Loki does
- Recognizes UDP-capable proxy providers when you paste credentials.
- Falls back to disabling HTTP/3 in the profile when the assigned proxy can't tunnel UDP — explicitly, not silently.
- Warns you if a proxy you assigned to a profile is TCP-only.
- Surfaces the actual transport used per request in the inspector, so you can verify, not assume.
Why this isn't a checkbox feature
Implementing UDP proxying right is harder than HTTP. UDP has no native session, no headers, no straightforward auth handshake. Most provider docs are sparse. We had to write per-provider adapters for the major ones, and we're upfront when a provider is in our "works" list versus "not yet tested."
We expect this to become table-stakes in 18 months. We'd rather have it correct now.