[dreamsbythelake]

HTTPS (TLS v1.3) does add ~100% overhead. I personally prefer simple HTTP sites, but everyone is scared of "Not Secure" message in address bar ... So we all have to pay that penalty, even on static sites, easily checked against WayBack Machine or Tor service.

[kadoban]

That's a lot of overhead. There's no way that's right for anything like common behavior/content.

[dreamsbythelake]

Yes, I was also surprised to see that. Just opened TLS website in Firefox, Inspect->Network->site's home page->Timings. -> TLS Setup: 84ms, content generation+wait+receiving: 30ms ... Fun, huh? :-)

/e: non-CDN site, hosted on EC2, safe ciphers+hash algos without crypto HW accelerators etc. Average business website. With WordPress it is even worse. The CDN lets us terminate TLS and fetch origin in plain text + optimisations on crypto etc.

[purerandomness]

Why would anybody care about performance more than caring about malicious code being injected?

Very strange way of thinking.