What parts of a URL are protected by TLS? [duplicate]

browser url ssl privacy uri

Solution 1:

Edited 1/20/2022, thank to Synchro in the comments

  • The domain name https://this.part.here/not/this/part?or=this
  • and the hostname. Which can be found on unix systems inside /etc/hostname

The domain name is leaked to the ISP via DNS request, and the hostname is leaked via SNI. Everything else is encrypted over TLS including the request URL and accompanied query parameters. However, if you use DNS over HTTPS (DoH) or DNS over TLS (DoT), these problems can be mitigated. ECH is a recent addition to the TLS 1.3 spec that fixes the hostname problem and has been automatically enabled alongside Firefox DoH since 2018.

If you're curious what you're currently leaking, you can check out Firefox's website data integrity tool here

TLS 1.3 spec

HTTP over TLS spec

DNS spec

DNS over HTTPS spec

Related

What is wrong with this code. Why can't I use SqlConnection?
Is it possible to receive image as a response in postman using spring boot + rest API. Or is there any other method using anything else? [duplicate]
Dynamic multi level hierarchy JSON to Java Pojo. Re-use for multiple projects
scala annotation argument needs to be constant but final val does not make it
Do operation on two Observables in angular
Why am I getting a "requestMappingHandlerMapping" error when I have 2 controller methods which has same exact endpoint string value
Can I detect when a language is detected for the first time using i18next-browser-languageDetector?
How to start apache2 automatically in a ubuntu docker container?
Bar chart using dataframe Matplotlib
Change DATETIME FORMAT while fetch foreach [duplicate]
How i can get bigquery table data in google script?
When does creationTime or lastSignInTime of firebase.auth.UserMetadata returned as null/undefined?