DNS-over-HTTPS (DoH) is a modern security protocol that encrypts DNS (Domain Name System) queries using the same HTTPS protocol that secures websites. Instead of sending DNS requests in plaintext, DoH wraps them inside standard HTTPS traffic, protecting users from surveillance, tracking, or tampering.
🌐 Why DoH Matters
When you visit a website, your browser first asks a DNS server to resolve the domain name into an IP address. Without encryption, this request can be:
- Monitored by ISPs or network operators
- Tampered with by malicious actors
- Used to build a profile of your browsing activity
DoH prevents this by:
- Encrypting DNS queries over port 443 (HTTPS)
- Hiding DNS traffic alongside regular web traffic
- Bypassing some types of censorship and filtering
🔍 How DNS-over-HTTPS Works
- Your device or browser sends a DNS query inside an encrypted HTTPS request.
- The DNS resolver (e.g., Cloudflare, Google, CleanBrowsing) decrypts the request and returns the IP address.
- Since it’s wrapped in HTTPS, firewalls and ISPs cannot easily distinguish DoH from normal web traffic.
🆚 DoH vs. DoT
| Feature | DoH | DoT |
|---|---|---|
| Encryption Protocol | HTTPS (HTTP/2 over TLS) | TLS over TCP |
| Port Used | 443 | 853 |
| Visibility to Network Tools | Harder to block/monitor | Easier to monitor/filter |
| Common Usage | Browser-level protection | System/network-level protection |
DoH is especially popular in browsers like Firefox and Chrome, which support native DoH settings.
🧩 Where Can You Use DoH?
CleanBrowsing supports DoH across all plans—free and paid—and offers unique DoH endpoints for every account. These endpoints provide encrypted filtering tailored to families, schools, or organizations.
💻 Configure DoH On:
Your custom DoH URLs can be found inside your CleanBrowsing dashboard.