Are querystring parameters secure in HTTPS (HTTP + SSL)?

Deep picture Deep · Apr 13, 2010 · Viewed 139.6k times · Source

Do querystring parameters get encrypted in HTTPS when sent with a request?

Answer

Joe Ratzer picture Joe Ratzer · Apr 13, 2010

Yes. The querystring is also encrypted with SSL. Nevertheless, as this article shows, it isn't a good idea to put sensitive information in the URL. For example:

URLs are stored in web server logs - typically the whole URL of each request is stored in a server log. This means that any sensitive data in the URL (e.g. a password) is being saved in clear text on the server