What is DNS-over-HTTPs (DOH)?

DNS-over-HTTPS (DoH) is a modern security protocol that encrypts DNS (Domain Name System) queries using the same HTTPS protocol that secures websites. Instead of sending DNS requests in plaintext, DoH wraps them inside standard HTTPS traffic, protecting users from surveillance, tracking, or tampering.

🌐 Why DoH Matters

When you visit a website, your browser first asks a DNS server to resolve the domain name into an IP address. Without encryption, this request can be:

• Monitored by ISPs or network operators
• Tampered with by malicious actors
• Used to build a profile of your browsing activity

DoH prevents this by:

• Encrypting DNS queries over port 443 (HTTPS)
• Hiding DNS traffic alongside regular web traffic
• Bypassing some types of censorship and filtering

🔍 How DNS-over-HTTPS Works

1. Your device or browser sends a DNS query inside an encrypted HTTPS request.
2. The DNS resolver (e.g., Cloudflare, Google, CleanBrowsing) decrypts the request and returns the IP address.
3. Since it’s wrapped in HTTPS, firewalls and ISPs cannot easily distinguish DoH from normal web traffic.

🆚 DoH vs. DoT

Feature	DoH	DoT
Encryption Protocol	HTTPS (TLS over HTTP/2)	TLS over TCP
Port Used	443	853
Visibility to Network Tools	Harder to block/monitor	Easier to monitor/filter
Common Usage	Browser-level protection	System/network-level protection

DoH is especially popular in browsers like Firefox and Chrome, which support native DoH settings.

🧩 Where Can You Use DoH?

CleanBrowsing supports DoH across all plans—free and paid—and offers unique DoH endpoints for every account. These endpoints provide encrypted filtering tailored to families, schools, or organizations.

💻 Configure DoH On:

• Chrome
• Windows 11
• Windows 11 (PowerShell)
• FireFox
• Google Workspace Admin

Your custom DoH URLs can be found inside your CleanBrowsing dashboard.