HTTPS encrypts all message contents, including the HTTP headers and also the request/response info. Excluding the possible CCA cryptographic assault explained in the limitations segment below, an attacker need to at most have the opportunity to discover that a connection is happening between two events, coupled with their domain names and IP addres