QUIC is an Internet data transfer protocol proposed by Google as an alternative for TCP (transmission control protocol). Compared with TCP, QUIC introduces lots of new features to make it theoretically outperform TCP in many fields. For example, it supports multiplexing to solve the problem of head-of-line blocking, introduces 0-RTT handshake to reduce handshake latency, and supports connection migration to be mobility-friendly. However, QUIC’s performance in the real world may not be as good as expected, because network environments and network devices are diverse and the protocol’s security is challenged by potential attackers. Therefore, evaluating QUIC’s impact on existing network services is quite important. This paper carries out a comprehensive survey of QUIC. We introduce the development history and the main characteristics of QUIC firstly. Secondly, taking the two most widely used application scenarios: Web browsing and video streaming as examples, we introduce and summarize domestic and international research analysis on the data transmission performance of QUIC under different network environments. Thirdly, we enumerate existing QUIC-enhancement work from the aspects of protocol design and system design. Fourthly, we summarize existing work on the security analysis on QUIC. We enumerate the security issues that are currently recognized by the academic community, as well as the researchers’ efforts to address these issues. Lastly, we come up with several potential improvements on existing research outcomes and look forward to new research topics and challenges brought by QUIC.