On 2015-04-03 00:32, Nino J wrote: > Just bear in mind that the OP mentioned redirect to https. That means that > the initial request to the exact URL (i.e. before being redirected and > switching to https) is visible. Which is why we have HSTS. Packaged HSTS lists prevent the browser from ever sending an uncrypted URL.