Measured in your browserWe advise on speed. We practice it.Loaded just now · real numbers from this visit, not a lab score.
Page loaded
First byte
DOM ready
First paint
Largest paint
DNS lookup
TLS handshake
Transferred
Saved by compression
Requests

A quiet optimization sits inside modern browsers: when two hostnames resolve to the same edge and are covered by the same certificate, the browser reuses one connection for both, skipping the second handshake entirely. Coalescing is free performance when your estate is arranged for it and silently absent when it is not.

The rules of reuse

For HTTP/2, browsers coalesce when the new hostname’s DNS resolution overlaps the existing connection’s IP and the connection’s certificate lists the new hostname (SAN coverage). HTTP/3 loosens the IP requirement in some implementations and adds ORIGIN-frame style advertisement paths, but the certificate rule stays sovereign: no SAN coverage, no coalescing, full handshake. Browser implementations differ at the margins, which is why coalescing is verified, not assumed.

Why estates accidentally defeat it

Sharded hostnames from the HTTP/1 era (assets1 through assets4) were designed to force extra connections, the exact opposite of modern optimality, and they linger in templates a decade after their rationale died. Separate certificates per subdomain (distinct issuances for www, static, api) block coalescing even when everything shares an edge. And mixed CDN assignments per subdomain guarantee distinct connections by construction, sometimes worth it (our multi-CDN routing-by-content-class pattern), but worth it knowingly.

The design tension worth naming: coalescing rewards hostname consolidation while other disciplines reward separation, cookie isolation argues for cookieless asset domains, multi-CDN class-routing argues for per-class hostnames, and organizational boundaries put APIs under their own names. The resolution is deliberate grouping rather than maximal merging: consolidate hostnames that share fate and edge anyway (document plus its assets), keep separations that buy real isolation, and ensure each group internally coalesces via shared SANs and shared edge. The hostname map of an estate is an architecture document whether or not anyone drew it; this article’s audit makes the implicit one explicit, which is usually the first time anyone has looked at it whole.

Arranging for it

Consolidate related hostnames onto certificates with shared SAN lists (or a wildcard where policy allows), serve them from the same edge configuration, and un-shard the legacy hostname splits, fewer hostnames is the modern default, with HTTP/2 multiplexing doing the parallelism sharding used to fake. Then verify: devtools connection IDs, or RUM connect-time distributions per hostname, show whether second-hostname requests ride warm connections or pay cold handshakes.

In practice

Audit your template’s hostname census (main document, asset hosts, API hosts), map each to certificate and edge assignment, and count the theoretical-versus-actual connections on a cold load. Most estates find one or two consolidations that delete a handshake from every first visit, which, per the TLS article’s arithmetic, is exactly the cold-connection tail where handshake costs live. Small change, tail-shaped payoff: the recurring signature of transport work.

Hostname-and-certificate mapping is a quick module in our delivery reviews. The deleted-handshake count is the punchline.

Get the free assessmentMore analysis