Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

Web Transactions Per User Per Day

January 25, 2011 - 3 min read

I searched the web recently looking for statistics on the average number of web transactions that end-users make per day, and equations for estimating end-user web transactions. I couldn't find anything that was worth repeating, so I ran my own numbers from Zscaler data.

First, a quick note on what I'm defining as a web transaction- all HTTP(S) client requests / server responses. Some web pages have a large number of web transactions associated with a single web page, for example, the cnn.com homepage has 127 transactions:
ImageOther's like Google's search results pages contain only a few transactions:
ImageI took a random sampling of 100,000 users (excluding group accounts and inactive users) for a 24-hour period on a non-holiday mid-week day. These users are from a global population of enterprise users that typically work an 8-10 hour day. I set a minimum threshold of 500 transactions for an account to be considered an active user - those with less than 500 transactions could be system-driven versus user-driven transactions (e.g., Windows Update), part-time workers, or temporary/test accounts.

The average for this data sample was:
3343.80227 web transactions per user per day
So, within a small organization with 1,000 active users - there are roughly 3.34 million web transactions from the organization's user population during a workday. Note: when I originally ran the numbers I included accounts with <500 transactions within the randomly selected user population- these accounted for roughly 14% of the randomly selected user population and brought the average down to 2251 web transactions per user per day. Because it is unlikely that an organization's entire user-population will be active at once, it may be important to consider approximately 10% of your organization's user-population as inactive.

The maximum number of web transactions from a single user account was 597,064 (this was an outlier). The median (50th percentile) was 1912 web transactions per user per day.

The above plot is the number of users (Y-axis) with a web transaction count between 500 and 4,000 (X-axis) for a 24-hour period. There are a number of users with <1000 transactions in a day, but there is a long "tail" to the right of highly active users. Plotting the aggregated user count for web transaction ranges in the thousands (e.g., data point 2 contains the transaction range 2000-2999) with the transaction range in reverse order shows that the curve is roughly exponential (inverse natural log function).

ImageThe black trendline that was generated in Excel from our data was:
y = 18293e ^ (-0.267x)
e is the mathematical constant, 2.71828
x is the transaction range in thousands (e.g., 2 = 2000-2999 transactions)
y is the user population (based on a 100,000 user population) that fall into the "x" transaction range

To estimate your user population for a specific transaction range, modify the equation to be:
y = (total_user_population * 0.18293e) ^ (-0.267x)
Using this function it is possible to roughly estimate the number of users that have a specific range of transactions (e.g., power web users) within an organization within a 24-hour period.

A relatively small organization of 300 users must deal with an estimated 1 million web transactions in a 24-hour period for their user population. Some estimates of the 2011 Federal Government payroll state a work-force of 1.35 million Federal civilian employees -- this is an estimated 4.5 billion web transactions a day (this does not include Federal civilian contractors).

These types of numbers are good for an organization to be aware of when considering scaling solutions for enforcing web security / policy and for storing and analyzing transactions.

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.