Are REST request headers encrypted by SSL?

SSL encrypts the entire communications path from the client to the server and back, so yes – the headers will be encrypted.

By the way, if you develop networked applications and care about data security, the least you should do is read a book like Practical Cryptography, by Niels Ferguson and Bruce Schneier, and probably further reading that’s more focused on web application security would be a good idea. If I may make an observation – and please, I don’t mean that as a personal criticism – your question indicates a fundamental lack of understanding of very basic web security technologies, and that’s never a good sign.

Also, it’s never a bad idea to confirm that data which is assumed to be encrypted is indeed encrypted. You can use a network analyzer to monitor traffic on the wire and watch out for anything sensitive being sent in the clear. I’ve used Wireshark to do this before – the results can be surprising, sometimes.
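The check suggested above, as an added example that is not part of the original answer: it classifies payloads as TLS records or plaintext HTTP and names any sensitive headers readable in the clear. It assumes the TCP payloads have already been extracted from a capture; the sample payloads and the header list are constructed for illustration.

```python
import re

# Header names whose values should not be readable on the wire (illustrative list).
SENSITIVE = {"authorization", "cookie", "set-cookie", "proxy-authorization"}
HTTP_START = re.compile(rb"(?:[A-Z]+ \S+ HTTP/1\.[01]|HTTP/1\.[01] \d{3})")

def is_tls_record(payload: bytes) -> bool:
    """Plausible TLS record header: type 20-23, version 3.0-3.3, sane length."""
    if len(payload) < 5:
        return False
    ctype, major, minor = payload[0], payload[1], payload[2]
    length = int.from_bytes(payload[3:5], "big")
    return 20 <= ctype <= 23 and major == 3 and minor <= 3 and 0 < length <= 16384 + 2048

def exposed_headers(payload: bytes) -> list:
    """Names of sensitive headers readable in a plaintext HTTP/1.x message."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    names = []
    for line in head.split(b"\r\n")[1:]:      # skip the request/status line
        name, sep, _ = line.partition(b":")
        text = name.strip().decode("ascii", "replace")
        if sep and text.lower() in SENSITIVE:
            names.append(text)
    return names

def classify(payload: bytes):
    """Return ('tls', []), ('cleartext-http', exposed header names) or ('other', [])."""
    if is_tls_record(payload):
        return ("tls", [])
    if HTTP_START.match(payload):
        return ("cleartext-http", exposed_headers(payload))
    return ("other", [])

# Constructed sample payloads (not from a real capture).
SAMPLES = [
    b"GET /api/items HTTP/1.1\r\nHost: api.example.test\r\n"
    b"Authorization: Bearer constructed-token\r\nAccept: */*\r\n\r\n",
    b"\x17\x03\x03\x00\x20" + bytes(range(32)),  # application_data record, 32-byte body
    b"\x16\x03\x01\x00\x04\x01\x00\x00\x00",      # handshake record header + stub body
]

if __name__ == "__main__":
    for i, p in enumerate(SAMPLES):
        print(i, *classify(p))
```
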
