0

When my browser sends a request under a HTTPs communication which parts of the request are encrypted?

  • URL (I suppose not)
  • GET params (I suppose not)
  • POST/PUT params
  • Cookies
  • Headers
  • ...
  • The response of the server

I'm concern about this because I was implementing an API where there was private data into the URL with the hope of it to be protected by a HTTPs communication, but I'm afraid the URL it self is not encrypted.

4

2 回答 2

2

Once the secure channel is stablished, all the HTTP info is encrypted, URL, get/post params, cookies and headers. And of course the response from the server.

于 2013-09-12T11:43:52.743 回答
1

Based on HTTP Secure, the whole HTTP message is sent through a SSL connection to the server, so method, url (including query parameters), headers, body, etc. is encrypted.

于 2013-09-12T11:51:27.190 回答