I know this sounds stupid.
I am working with an embedded platform that has 16MB of RAM only. And I need to deep packet filter HTTP streams. To prevent DoS of the device I'd like some statistical averages regarding HTTP stream sizes, specifically the HTTP header in particular.
From Google's SPDY research project whitepaper
Uncompressed request and response headers. Request headers today vary in size from ~200 bytes to over 2KB. As applications use more cookies and user agents expand features, typical header sizes of 700-800 bytes is common.
The HTTP HEAD response from www.google.com is 823 bytes, as checked just now. This is without any authentication. About half of that is the Set-Cookie header. An easy way to check is hurl.it
I don't have any statistics to back this up (what does it mean to take a statistical average of HTTP header sizes? average over what?), but from anecdotal experience a typical HTTP header is 0.5KB and might go up to 1K or 2K (depending on cookie size, etc.). You could theoretically get HTTP headers up to 4K or 8K but that is fairly rare.
The size might vary based on what is presented by the web application, also we need to consider that a 200KB web page is not likely to be a solid 200KB. More likely it is 20KB of HTML, 30KB of Javascript/CSS and 150KB in 10 x 15KB images for a total of 12 requests perhaps. So the average request/response pair would NOT be 200KB but rather 17KB.
You welcome to check this tool for a basic idea : http://smallseotools.com/website-page-size-checker/