HTTPS encrypts all message contents, such as the HTTP headers and also the request/reaction facts. Except for the doable CCA cryptographic assault described in the constraints part below, an attacker should really at most have the option to find that a connection is occurring among two functions, in conjunction with their domain names and IP addres