BestHub
Sign in
Information Security 4 min read

How Much Data Does a Simple HTTPS Request Actually Transfer?

Using a local Go server and Wireshark, the author measured that a basic HTTPS request transmits 2,164 bytes—about ten times more than an equivalent HTTP request—revealing the bandwidth impact of TLS handshakes and suggesting when HTTP may be preferable for internal, non‑sensitive traffic.

Radish, Keep Going!
Radish, Keep Going!
Radish, Keep Going!
How Much Data Does a Simple HTTPS Request Actually Transfer?

Background

Recently a new service was launched and one data‑collection endpoint consumes a lot of bandwidth. Curious about how much data a HTTPS request transfers compared with HTTP, I wrote a small demo and tested it locally.

func helloHandler(w http.ResponseWriter, r *http.Request) {
    fmt.Fprintf(w, "Hello, World!")
}

var port int

func init() {
    flag.IntVar(&port, "port", 8082, "port to listen on")
    flag.Parse()
}

func main() {
    http.HandleFunc("/", helloHandler)
    fmt.Println(fmt.Sprintf("Starting server at port %d", port))
    if err := http.ListenAndServe(fmt.Sprintf(":%d", port), nil); err != nil {
        fmt.Println("Error starting server:", err)
    }
}

Then I used Caddy to provide HTTPS:

http://your-domain.com {
    reverse_proxy 127.0.0.1:8082
}
https://your-domain.com {
    reverse_proxy 127.0.0.1:8082
    tls internal
}

Finally I captured traffic with Wireshark and discovered that a simple HTTPS request transfers 2,164 bytes.

Assuming 500 QPS concurrent requests, the required bandwidth is:

2164 × 8 × 500 / 1 000 000 ≈ 8.656 Mbps

HTTPS (HTTP over TLS) usually requires a full TLS handshake on a new TCP connection, during which client and server exchange certificates, public keys, supported cipher suites, random numbers, and the pre‑master secret, consuming additional bytes, bandwidth, and CPU.

Client and server random numbers

Supported cipher suites and TLS version

Server's digital certificate (including public key)

Pre‑Master Secret used to generate symmetric keys

Because the handshake adds overhead, one blunt solution is to use plain HTTP and skip TLS entirely, eliminating the TLS‑related traffic. To verify this, I compared the same request over HTTP, which only required 223 bytes—about one‑tenth of the HTTPS request size.

Conclusion

In most cases HTTPS is the preferred choice, offering better security and SEO benefits. However, in controlled internal networks or high‑performance scenarios where non‑sensitive data is transferred (e.g., internal data collection), HTTP can be chosen to optimise performance. HTTPS can also be tuned by enabling Keep‑Alive, which reuses a single TCP connection for multiple requests, reducing the cost of repeated TLS handshakes.

GoWiresharkTLSHTTPSBandwidth
Radish, Keep Going!
Written by

Radish, Keep Going!

Personal sharing

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment