If you use HTTPS will your URL params will be safe from sniffing? [duplicate]

by

Yes your URL would be safe from sniffing; however, one hole that is easily overlooken is if your page references any third party resources such as Google Analytics, Add Content anything, your entire URL will be sent to the third party in the referer. If its really sensitive it doesn’t belong in the query string.

As for your second part of the question, you can’t use SSL if you don’t have a certificate on the server.

More Related Contents:

  1. https URL with token parameter : how secure is it?
  2. How to redirect all HTTP requests to HTTPS
  3. Are querystring parameters secure in HTTPS (HTTP + SSL)? [duplicate]
  4. Will web browsers cache content over https
  5. Are HTTPS headers encrypted?
  6. Best way to handle security and avoid XSS with user entered URLs
  7. With HTTPS, are the URL and the request headers protected as the request body is?
  8. Username and password in https url
  9. Should I hash the password before sending it to the server side?
  10. Is it secure to submit from a HTTP form to HTTPS?
  11. SSL Error: unable to get local issuer certificate
  12. Is HTTP header Referer sent when going to a http page from a https page?
  13. curl – Is data encrypted when using the –insecure option?
  14. How to redirect all HTTP requests to HTTPS using .htaccess rules?
  15. WS on HTTP vs WSS on HTTPS
  16. Is there a way to force apache to return 404 instead of 403?
  17. Why not use HTTPS for everything?
  18. How does the SQL injection from the “Bobby Tables” XKCD comic work?
  19. Salt Generation and open source software
  20. Is “double hashing” a password less secure than just hashing it once?
  21. Remove Server Response Header IIS7
  22. Is it safe to enable CORS to * for a public and readonly webservice?
  23. Preventing Brute Force Logins on Websites
  24. Does HTML5 allow you to interact with local client files from within a browser
  25. Docker and securing passwords
  26. Is JSONP safe to use?
  27. Is it safe to enable ”Access-Control-Allow-Origin: *“ (wildcard) for a public and readonly webservice?
  28. Difference between CSRF and X-CSRF-Token
  29. Should be used for JSF 2.2 CSRF protection?
  30. Setting cookie in iframe – different Domain

Leave a Comment