Tuesday, January 5, 2016

Three reasons why sensitive data must not be sent as URL parameters, even with HTTPS


  • URLs are often logged on the server side, and who knows where those logs are going to end up.
  • URLs are often sent in Referer headers.
  • Browsers log and store URLs.
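
A defender-side illustration of the first two points, added here and not part of the original post: the script below masks sensitive query-string values in both the request URL and the Referer field of access-log lines. The combined log format, the parameter names in `SENSITIVE` and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed names of sensitive parameters; adjust for your application.
SENSITIVE = {"token", "password", "session", "api_key"}

# Combined log format: the request line, then status and size, then the Referer.
LOG_RE = re.compile(
    r'^(?P<pre>.*?)"(?P<method>\S+) (?P<url>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)"(?P<rest>.*)$')

# Constructed sample lines (not real traffic).
SAMPLE = [
    '203.0.113.7 - - [05/Jan/2016:10:00:00 +0000] '
    '"GET /reset?token=abc123&lang=en HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [05/Jan/2016:10:00:02 +0000] '
    '"GET /static/logo.png HTTP/1.1" 200 2048 '
    '"https://app.example/account?session=s3cr3t" "Mozilla/5.0"',
]

def redact_url(url):
    """Return (url with sensitive query values masked, names that were hit)."""
    parts = urlsplit(url)
    hits, cleaned = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            hits.append(name)
            value = "REDACTED"
        cleaned.append((name, value))
    # Note: urlencode re-encodes values, so percent-encoding may be normalised.
    return urlunsplit(parts._replace(query=urlencode(cleaned))), hits

def scrub_line(line):
    """Mask sensitive values in the request URL and Referer of one log line."""
    m = LOG_RE.match(line)
    if not m:
        return line, []  # unknown format: leave untouched, report nothing
    url, url_hits = redact_url(m["url"])
    referer, ref_hits = redact_url(m["referer"])
    out = (f'{m["pre"]}"{m["method"]} {url} {m["proto"]}" '
           f'{m["status"]} {m["size"]} "{referer}"{m["rest"]}')
    return out, url_hits + ref_hits

if __name__ == "__main__":
    for raw in SAMPLE:
        scrubbed, found = scrub_line(raw)
        print(found, scrubbed)
```

The second sample line shows the Referer case: the request itself is for a static image, yet the log entry still carries the session value from the page that linked to it.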