I have a website residing on a domain with a valid SSL certificate that is fully using HTTPS. If I take form data from this site that is secured with an SSL and send it to a non-secure HTTP endpoint using a cURL POST is the transmission fully encrypted considering it's going from an HTTPS site to an HTTP endpoint?
Asked
Active
Viewed 1,685 times
1 Answers
6
Short answer: no, it is not encrypted.
The only thing that matters is the URL you are using to send content, what happened before is irrelevant.
If you are sending your content to an HTTP URL then it is not encrypted, end of story (except some rare corner cases that you should not rely on, like HSTS preloading where a browser would automatically do an HTTPS request instead).
Patrick Mevzek
- 8,590
- 1
- 22
- 42