tags:

views:

263

answers:

3
+2  Q: 

Encryption of HTTPS headers

To what extent, if at all, are HTTPS headers encrypted?

+4  A: 

They are encrypted in transit through SSL. There is no special encryption dedicated to headers, HTTPS encrypts the entire message.

Kekoa  2009-06-11 20:34:36
+1  A: 

All headers are encrypted in HTTPS. You may want to look at some documentation on how SSL and TLS work.

altCognito  2009-06-11 20:34:39
+1  A: 

SSL sets up a private authenticated link to the server and then sends an http request over that link. The evil-doer snooping on the link cant actually tell from just watching the connection that http is being used. SSL its self has some unencrypted headers that it uses to establish this connection though these should not be confused with the headers that are part of the http protocol.

Arthur Ulfeldt  2009-06-12 01:32:30

related questions

How would you implement a secure static login credentials system in Java?
Blocking https url's in a embedded gecko browser
Restrict Apache to only allow access using SSL for some directories
How to put up an off-the-shelf https to http gateway?
Rails SSL Requirement plugin -- shouldn't it check to see if you're in production mode before redirecting to https?
What's the best way to learn server RESTful code?
Force HTTPS. How is it possible?
How can I get LWP to validate SSL server certificates?
What must I do to make content such as images served over HTTPS be cached client-side?
What does a PHP developer need to know about https / secure socket layer connections?
What's a clean/simple way to ensure the security of a page?
Making sure a web page is not cached, across all browsers.
Best way in asp.net to force https for an entire site?
Any way to handle Put and Delete verbs in ASP.Net MVC?
Response.Redirect with POST instead of Get?
How to get the correct Content-Length for a POST request.
IIS7: HTTP->HTTPS Cleanly
[ASP.NET ERROR] The request was aborted: Could not create SSL/TLS secure channel.
Testing HTTPS files with MAMP
How do banks remember "your computer"?
Avoid traffic shaping by using ssh on port 443
Convince Firefox to send an If-Modified-Since header over HTTPS
How do you redirect HTTPS to HTTP?
Using mod_rewrite to Mimic SSL Virtual Hosts?
Options for Google Maps over SSL