Internet traffic is exposed to potential eavesdroppers. Standard encryption mechanisms do not provide sufficient protection: Features such as packet sizes and numbers remain visible, opening the door to so-called side-channel attacks against web traffic. This paper develops a framework for the derivation of formal guarantees against traffic side-channels. The authors present a model which captures important characteristics of web traffic, and they define measures of security based on quantitative information flow. Leaning on the well-studied properties of these measures, they provide an assembly kit for countermeasures and their security guarantees, and they show that security guarantees are preserved on lower levels of the protocol stack.