Are querystring parameters secure in HTTPS (HTTP + SSL)?

security https http-get
Deep picture Deep · Apr 13, 2010 · Viewed 139.6k times · Source

Do querystring parameters get encrypted in HTTPS when sent with a request?

Answer

Joe Ratzer picture Joe Ratzer · Apr 13, 2010

Yes. The querystring is also encrypted with SSL. Nevertheless, as this article shows, it isn't a good idea to put sensitive information in the URL. For example:

URLs are stored in web server logs - typically the whole URL of each request is stored in a server log. This means that any sensitive data in the URL (e.g. a password) is being saved in clear text on the server

Related questions

How to redirect all HTTP requests to HTTPS

I'm trying to redirect all insecure HTTP requests on my site (e.g. http://www.example.com) to HTTPS (https://www.example.com). I'm using PHP btw. Can I do this in .htaccess?

Read More
Why am I suddenly getting a "Blocked loading mixed active content" issue in Firefox?

This morning, upon upgrading my Firefox browser to the latest version (from 22 to 23), some of the key aspects of my back office (website) stopped working. Looking at the Firebug log, the following errors were being reported: Blocked loading mixed active …

Read More
How to allow http content within an iframe on a https site

I load some HTML into an iframe but when a file referenced is using http, not https, I get the following error: [blocked] The page at {current_pagename} ran insecure content from {referenced_filename} Is there any way to turn …

Read More