diff --git a/cmd/cloudflare-tunnel-ingress-controller/main.go b/cmd/cloudflare-tunnel-ingress-controller/main.go index 0a1daeb..72d8be8 100644 --- a/cmd/cloudflare-tunnel-ingress-controller/main.go +++ b/cmd/cloudflare-tunnel-ingress-controller/main.go @@ -28,17 +28,19 @@ type rootCmdFlags struct { cloudflareAccountId string cloudflareTunnelName string namespace string + cloudflaredProtocol string } func main() { var rootLogger = stdr.NewWithOptions(log.New(os.Stderr, "", log.LstdFlags), stdr.Options{LogCaller: stdr.All}) options := rootCmdFlags{ - logger: rootLogger.WithName("main"), - ingressClass: "cloudflare-tunnel", - controllerClass: "strrl.dev/cloudflare-tunnel-ingress-controller", - logLevel: 0, - namespace: "default", + logger: rootLogger.WithName("main"), + ingressClass: "cloudflare-tunnel", + controllerClass: "strrl.dev/cloudflare-tunnel-ingress-controller", + logLevel: 0, + namespace: "default", + cloudflaredProtocol: "quic", } crlog.SetLogger(rootLogger.WithName("controller-runtime")) @@ -100,7 +102,7 @@ func main() { case <-done: return case _ = <-ticker.C: - err := controller.CreateOrUpdateControlledCloudflared(ctx, mgr.GetClient(), tunnelClient, options.namespace) + err := controller.CreateOrUpdateControlledCloudflared(ctx, mgr.GetClient(), tunnelClient, options.namespace, options.cloudflaredProtocol) if err != nil { logger.WithName("controlled-cloudflared").Error(err, "create controlled cloudflared") } 
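Review bot: Defaulting `cloudflaredProtocol` to `"quic"` in the `options` literal pins the connector to QUIC, whereas cloudflared started without `--protocol` uses `auto`, which, as far as I know, can fall back to HTTP/2 when QUIC cannot be established. Clusters whose egress policy or firewall only permits TCP towards the Cloudflare edge would be expected to lose connectivity after upgrading, with no configuration change on their side. To keep the previous behaviour, the default could be `cloudflaredProtocol: "auto",`, with the same value for `protocol:` in values.yaml, so operators who want to rule out the fallback opt in to `quic` explicitly. main's body continues outside this hunk.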
@@ -120,6 +122,7 @@ func main() { rootCommand.PersistentFlags().StringVar(&options.cloudflareAccountId, "cloudflare-account-id", options.cloudflareAccountId, "cloudflare account id") rootCommand.PersistentFlags().StringVar(&options.cloudflareTunnelName, "cloudflare-tunnel-name", options.cloudflareTunnelName, "cloudflare tunnel name") rootCommand.PersistentFlags().StringVar(&options.namespace, "namespace", options.namespace, "namespace to execute cloudflared connector") + rootCommand.PersistentFlags().StringVar(&options.cloudflaredProtocol, "cloudflared-protocol", options.cloudflaredProtocol, "cloudflared protocol") err := rootCommand.Execute() if err != nil { diff --git a/helm/cloudflare-tunnel-ingress-controller/templates/deployment.yaml b/helm/cloudflare-tunnel-ingress-controller/templates/deployment.yaml index c303396..f6105d5 100644 --- a/helm/cloudflare-tunnel-ingress-controller/templates/deployment.yaml +++ b/helm/cloudflare-tunnel-ingress-controller/templates/deployment.yaml @@ -39,6 +39,7 @@ spec: - --cloudflare-account-id=$(CLOUDFLARE_ACCOUNT_ID) - --cloudflare-tunnel-name=$(CLOUDFLARE_TUNNEL_NAME) - --namespace=$(NAMESPACE) + - --cloudflared-protocol={{ .Values.cloudflared.protocol }} env: - name: CLOUDFLARE_API_TOKEN valueFrom: diff --git a/helm/cloudflare-tunnel-ingress-controller/values.yaml b/helm/cloudflare-tunnel-ingress-controller/values.yaml index d388bf3..934ce6d 100644 --- a/helm/cloudflare-tunnel-ingress-controller/values.yaml +++ b/helm/cloudflare-tunnel-ingress-controller/values.yaml @@ -42,10 +42,12 @@ serviceAccount: podAnnotations: {} -podSecurityContext: {} +podSecurityContext: + {} # fsGroup: 2000 -securityContext: {} +securityContext: + {} # capabilities: # drop: # - ALL 
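Review bot: The new argument `--cloudflared-protocol={{ .Values.cloudflared.protocol }}` renders as `--cloudflared-protocol=` when a values override sets the key to null or to an empty string, and an explicitly passed empty flag replaces the controller's built-in default instead of falling back to it. The connector would then be started with an empty `--protocol` argument. Giving the template its own fallback, `- --cloudflared-protocol={{ .Values.cloudflared.protocol | default "quic" }}`, keeps the chart and the binary in agreement. Piping only the value through `quote` is best avoided in this position, because the quote characters would become part of the argument.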
@@ -58,12 +60,12 @@ resources: # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi nodeSelector: {} @@ -77,3 +79,4 @@ cloudflared: pullPolicy: IfNotPresent tag: latest replicaCount: 1 + protocol: quic diff --git a/pkg/controller/controlled-cloudflared-connector.go b/pkg/controller/controlled-cloudflared-connector.go index 14288a2..0179343 100644 --- a/pkg/controller/controlled-cloudflared-connector.go +++ b/pkg/controller/controlled-cloudflared-connector.go @@ -20,6 +20,7 @@ func CreateOrUpdateControlledCloudflared( kubeClient client.Client, tunnelClient cloudflarecontroller.TunnelClientInterface, namespace string, + protocol string, ) error { logger := log.FromContext(ctx) list := appsv1.DeploymentList{} @@ -62,7 +63,7 @@ func CreateOrUpdateControlledCloudflared( return errors.Wrap(err, "fetch tunnel token") } - updatedDeployment := cloudflaredConnectDeploymentTemplating(token, namespace, int32(desiredReplicas)) + updatedDeployment := cloudflaredConnectDeploymentTemplating(protocol, token, namespace, int32(desiredReplicas)) existingDeployment.Spec = updatedDeployment.Spec err = kubeClient.Update(ctx, existingDeployment) if err != nil { @@ -84,7 +85,7 @@ func CreateOrUpdateControlledCloudflared( return errors.Wrap(err, "invalid replica count") } - deployment := cloudflaredConnectDeploymentTemplating(token, namespace, int32(replicas)) + deployment := cloudflaredConnectDeploymentTemplating(protocol, token, namespace, int32(replicas)) err = kubeClient.Create(ctx, deployment) if err != nil { return errors.Wrap(err, "create controlled-cloudflared-connector deployment") 
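Review bot: The new `protocol: quic` key under `cloudflared:` carries no comment, so a chart user cannot tell which values are accepted or what the choice means for egress rules. A comment above it such as `# Transport cloudflared uses to reach the Cloudflare edge: auto, quic or http2 (quic needs outbound UDP).` would cover it.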
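Review bot: `protocol` arrives in CreateOrUpdateControlledCloudflared as an unchecked string and is written verbatim into the connector container's argv in the `@@ -129,6 +130,8 @@` hunk; the `--cloudflared-protocol` flag registered in main.go does not restrict it either. Because Command is an argv slice nothing is shell-interpreted, but an empty or mistyped value is only discovered when the connector pods fail to start. An allow-list check at the top of the function, sketched below, turns that into an immediate error that the caller already logs. It assumes the file's `errors` package is github.com/pkg/errors, which the existing `errors.Wrap` calls suggest; the function body continues outside this hunk.

```go
) error {
	// Only values cloudflared accepts for --protocol may reach the Deployment's argv.
	switch protocol {
	case "auto", "quic", "http2":
	default:
		return errors.Errorf("unsupported cloudflared protocol %q", protocol)
	}
	logger := log.FromContext(ctx)
	// … unchanged: list deployments, then create or update the connector …
```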
@@ -93,7 +94,7 @@ func CreateOrUpdateControlledCloudflared( return nil } -func cloudflaredConnectDeploymentTemplating(token string, namespace string, replicas int32) *appsv1.Deployment { +func cloudflaredConnectDeploymentTemplating(protocol string, token string, namespace string, replicas int32) *appsv1.Deployment { appName := "controlled-cloudflared-connector" image := os.Getenv("CLOUDFLARED_IMAGE") pullPolicy := os.Getenv("CLOUDFLARED_IMAGE_PULL_POLICY") @@ -129,6 +130,8 @@ func cloudflaredConnectDeploymentTemplating(token string, namespace string, repl ImagePullPolicy: v1.PullPolicy(pullPolicy), Command: []string{ "cloudflared", + "--protocol", + protocol, "--no-autoupdate", "tunnel", "--metrics", diff --git a/test/integration/controller/controlled_cloudflared_connector_test.go b/test/integration/controller/controlled_cloudflared_connector_test.go index f90fd4f..003a99e 100644 --- a/test/integration/controller/controlled_cloudflared_connector_test.go +++ b/test/integration/controller/controlled_cloudflared_connector_test.go @@ -67,8 +67,10 @@ var _ = Describe("CreateOrUpdateControlledCloudflared", func() { }, } + protocol := "quic" + // Act - err = controller.CreateOrUpdateControlledCloudflared(ctx, kubeClient, mockTunnelClient, ns) + err = controller.CreateOrUpdateControlledCloudflared(ctx, kubeClient, mockTunnelClient, ns, protocol) Expect(err).NotTo(HaveOccurred()) // Assert @@ -101,8 +103,10 @@ var _ = Describe("CreateOrUpdateControlledCloudflared", func() { }, } + protocol := "quic" + // Create initial deployment - err = controller.CreateOrUpdateControlledCloudflared(ctx, kubeClient, mockTunnelClient, ns) + err = controller.CreateOrUpdateControlledCloudflared(ctx, kubeClient, mockTunnelClient, ns, protocol) Expect(err).NotTo(HaveOccurred()) // Change environment variables 
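Review bot: The new parameter is placed first in `cloudflaredConnectDeploymentTemplating(protocol string, token string, namespace string, replicas int32)` but last in the exported CreateOrUpdateControlledCloudflared, and all three are plain strings, so a transposed call compiles and would put the tunnel token in the argv slot meant for the protocol. Keeping one order in both signatures, for example `func cloudflaredConnectDeploymentTemplating(token string, namespace string, protocol string, replicas int32) *appsv1.Deployment {`, makes the call sites easier to check by eye. The function body continues past this hunk.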
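Review bot: Both specs only pass `protocol := "quic"` through, and in the lines visible here nothing asserts that the value reaches the generated Deployment. The condition that decides whether an existing Deployment is updated lies outside the hunks of controlled-cloudflared-connector.go, so this diff does not show that changing the protocol on a running installation triggers a rollout. A spec that calls CreateOrUpdateControlledCloudflared with `"quic"`, then with `"http2"`, and expects the container Command to contain `"--protocol", "http2"` would settle both questions. The `@@ -67,8 +67,10 @@` spec could assert the same for the create path.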
@@ -110,7 +114,7 @@ var _ = Describe("CreateOrUpdateControlledCloudflared", func() { os.Setenv("CLOUDFLARED_IMAGE", "cloudflare/cloudflared:2022.3.0") // Act - err = controller.CreateOrUpdateControlledCloudflared(ctx, kubeClient, mockTunnelClient, ns) + err = controller.CreateOrUpdateControlledCloudflared(ctx, kubeClient, mockTunnelClient, ns, protocol) Expect(err).NotTo(HaveOccurred()) // Assert