Diagnosing Corporate Proxy-Induced Timeouts in Chrome
When Chrome on Windows 11 returns ERR_CONNECTION_TIMED_OUT specifically on corporate networks, the root cause is almost always the corporate proxy server’s maximum connection timeout threshold being shorter than Chrome’s TCP handshake window. Corporate proxies (Squid, Blue Coat, Zscaler) terminate and inspect HTTPS traffic by establishing two separate TLS connections: one from the client to the proxy, and one from the proxy to the destination server. If the proxy’s outbound connection to the destination server takes longer than the proxy’s configured maximum (typically 30 seconds), the proxy closes the client-facing connection and Chrome surfaces the timeout error.
This is distinct from a standard Windows TCP/IP timeout because the connection never reaches the target server — it fails at the proxy layer. The proxy’s timeout is often lower than the client’s timeout, so the proxy resets the connection before Windows 11’s TCP driver can complete its own 21-second timeout window.
Why Zscaler and similar SSL inspection proxies cause timeouts
Zscaler and other cloud-delivered security proxies perform SSL inspection by terminating the TLS connection at their edge nodes, re-signing the certificate, and forwarding the traffic to the destination. When Zscaler’s proxy nodes are under high load (common during business hours), the proxy’s outbound connection to the target server times out before the response is returned to the client. The client’s Chrome browser never receives a response and eventually hits its own timeout threshold.
Resolving Corporate Proxy TCP Timeouts
Configuring Proxy Bypass for Critical Domains
Open Chrome → Settings → System → Open proxy settings → LAN Settings → Advanced. In the Exceptions field, add the domains that are timing out (e.g., *.google.com;*.office.com;*.salesforce.com). This routes traffic to these domains directly through the firewall without proxy inspection, eliminating the proxy’s timeout threshold as a factor.
Disabling HTTP/2 in Chrome to Force HTTP/1.1 Proxy Negotiation
Corporate proxies often handle HTTP/2 poorly because the multiplexed streams complicate the SSL inspection engine. Download Chrome and modify the shortcut target to include:
--disable-http2
Launch Chrome with this flag — HTTP/1.1 connections are processed more reliably by legacy proxy configurations, and the timeout errors should resolve.
Call to Action
Use the webs.ninja gateway to test whether the timeout is proxy-induced by measuring TCP handshake latency with and without the corporate proxy in the path. If the diagnostic shows a successful handshake when bypassing the proxy, the issue is the proxy configuration — apply the domain bypass or HTTP/2 disable fixes above.