What is the average size of an HTTP request/response header?

http-headers http

I am working with an embedded platform that has 16MB of RAM only. And I need to deep packet filter HTTP streams. To prevent a Denial of Service attack on the device I'd like some statistical averages regarding HTTP stream sizes, specifically the HTTP header in particular.


From Google's SPDY research project whitepaper

Uncompressed request and response headers. Request headers today vary in size from ~200 bytes to over 2KB. As applications use more cookies and user agents expand features, typical header sizes of 700-800 bytes is common.


The HTTP HEAD response from www.google.com is 823 bytes, as checked just now. This is without any authentication. About half of that is the Set-Cookie header. An easy way to check is the curl command.


I don't have any statistics to back this up (what does it mean to take a statistical average of HTTP header sizes? average over what?), but from anecdotal experience a typical HTTP header is 0.5KB and might go up to 1K or 2K (depending on cookie size, etc.). You could theoretically get HTTP headers up to 4K or 8K but that is fairly rare.

Related

TypeError: 'int' object is not subscriptable
Elegant way to search an PHP array using a user-defined function
How can I mount an S3 bucket to an EC2 instance and write to it with PHP?
Meaning of HTML prefix attribute (Open Graph Protocol)?
How to change Spring Boot logo to Nyan Cat?
How do you extend types in GraphQL?
Does a multi-column index work for single column selects too?
HTML5 Drag and Drop - No transparency?
What's the current best solution for generating HTML from ASP.NET Razor templates within a Console Application?
Transfer-Encoding: chunked
Python GPU programming [closed]
Properties vs Resource Bundle