diff --git a/https/README.md b/https/README.md
new file mode 100644
index 0000000..90257f5
--- /dev/null
+++ b/https/README.md
@@ -0,0 +1,9 @@
+# https (as in secure)
+
+This wrappers and helpers to supplement Go's built-in `net/http` with reasonable and safe defaults.
+
+See
+
+-   [The complete guide to Go net/http timeouts](https://blog.cloudflare.com/the-complete-guide-to-golang-net-http-timeouts/)
+-   [Standard net/http config will break your production environment](https://medium.com/@simonfrey/go-as-in-golang-standard-net-http-config-will-break-your-production-environment-1360871cb72b)
+-   [Don’t use Go’s default HTTP client (in production)](https://medium.com/@nate510/don-t-use-go-s-default-http-client-4804cb19f779)
diff --git a/https/https.go b/https/https.go
new file mode 100644
index 0000000..8e671b1
--- /dev/null
+++ b/https/https.go
@@ -0,0 +1,22 @@
+package https
+
+import (
+	"net"
+	"net/http"
+	"time"
+)
+
+// NewHTTPClient creates a new http client with reasonable and safe defaults
+func NewHTTPClient() *http.Client {
+	transport := &http.Transport{
+		Dial: (&net.Dialer{
+			Timeout: 10 * time.Second,
+		}).Dial,
+		TLSHandshakeTimeout: 5 * time.Second,
+	}
+	client := &http.Client{
+		Timeout:   time.Second * 5,
+		Transport: transport,
+	}
+	return client
+}