diff --git a/http/client.go b/http/client.go
index 7ea4a7b255..02bc0def87 100644
--- a/http/client.go
+++ b/http/client.go
@@ -1,7 +1,6 @@
 package http

 import (
- "crypto/tls"
 "net/http"
 "net/url"

@@ -55,14 +54,6 @@ func NewService(addr, token string) *Service {
 }
 }

-// Shared transports for all clients to prevent leaking connections
-var (
- skipVerifyTransport = &http.Transport{
- TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
- }
- defaultTransport = &http.Transport{}
-)
-
 func newURL(addr, path string) (*url.URL, error) {
 u, err := url.Parse(addr)
 if err != nil {
diff --git a/http/transport.go b/http/transport.go
new file mode 100644
index 0000000000..3e9a279e68
--- /dev/null
+++ b/http/transport.go
@@ -0,0 +1,51 @@
+// Shared transports for all clients to prevent leaking connections
+package http
+
+import (
+ "crypto/tls"
+ "net"
+ "net/http"
+ "time"
+)
+
+// defaultTransport is the default implementation of Transport and is
+// used by traceClient. It establishes network connections as needed
+// and caches them for reuse by subsequent calls. It uses HTTP proxies
+// as directed by the $HTTP_PROXY and $NO_PROXY (or $http_proxy and
+// $no_proxy) environment variables.
+// This is the same as http.DefaultTransport.
+//
+var defaultTransport http.RoundTripper = &http.Transport{
+ Proxy: http.ProxyFromEnvironment,
+ DialContext: (&net.Dialer{
+ Timeout: 30 * time.Second,
+ KeepAlive: 30 * time.Second,
+ DualStack: true,
+ }).DialContext,
+ MaxIdleConns: 100,
+ IdleConnTimeout: 90 * time.Second,
+ TLSHandshakeTimeout: 10 * time.Second,
+ ExpectContinueTimeout: 1 * time.Second,
+}
+
+// skipVerifyTransport is the default implementation of Transport and is
+// used by traceClient (newClient with insecure set to true). It establishes network connections as needed
+// and caches them for reuse by subsequent calls. It uses HTTP proxies
+// as directed by the $HTTP_PROXY and $NO_PROXY (or $http_proxy and
+// $no_proxy) environment variables.
+// This is the same as http.DefaultTransport but with TLS skip verify.
+//
+var skipVerifyTransport = &http.Transport{
+ Proxy: http.ProxyFromEnvironment,
+ DialContext: (&net.Dialer{
+ Timeout: 30 * time.Second,
+ KeepAlive: 30 * time.Second,
+ DualStack: true,
+ }).DialContext,
+ MaxIdleConns: 100,
+ IdleConnTimeout: 90 * time.Second,
+ TLSHandshakeTimeout: 10 * time.Second,
+ ExpectContinueTimeout: 1 * time.Second,
+ // This is the value that changes between this and http.DefaultTransport
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+}
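Review bot: The doc comment on `skipVerifyTransport` is copied from `defaultTransport` and still calls it "the default implementation of Transport", while the fact a reader most needs is left to the last line: `InsecureSkipVerify: true` disables certificate-chain and hostname verification, so a client on this transport cannot distinguish the real server from an on-path impostor and anything it sends can be read or altered. The new literal also adds `Proxy: http.ProxyFromEnvironment`, which the literal removed from client.go did not set, so these unverified connections now follow the proxy environment variables as well; that behaviour change deserves a line in the commit message. I would replace the comment with `// skipVerifyTransport is defaultTransport with TLS certificate verification disabled; it is selected only when the caller explicitly requests insecure mode.` Separately, `// Shared transports for all clients to prevent leaking connections` sits directly above `package http` and so becomes the package doc comment; a blank line between the two, or moving the sentence above the `var` declarations, avoids that.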