When you’re securely visiting a website via https:// the data sent between the server and your browser is encrypted but what about the URLs you’re visiting within the site? Can your ISP or other third party observer see what you’re looking at?

今天的问答环节是由SuperUser提供的，SuperUser是Stack Exchange的一个分支，是一个由社区驱动的问答网站分组。

问题

匿名超级用户读者想知道他们的浏览会话是否完全安全：

We all know that HTTPS encrypts the connection between the computer and the server so that it cannot be viewed by a third party. However, can the ISP or a third party see the exact link of the page the user accessed?

For example, I visit:

https://www.website.com/data/abc.html

Will the ISP know that I accessed */data/abc.html or just know that I visited the IP of www.website.com?

If they know, then why does Wikipedia and Google have HTTPS when someone can just read the internet logs and find out the exact content the user viewed?

这是一个有趣的问题，对个人隐私肯定有影响。让我们调查一下。

答案

SuperUser contributor Grawity提供了一个非常简洁的概述，介绍了整个URL的处理过程：

From left to right:

The schema https: is, obviously, interpreted by the browser.

The domain name www.website.com is resolved to an IP address using DNS. Your ISP will see the DNS request for this domain, and the resp***e.

The path /data/abc.html is sent in the HTTP request. If you use HTTPS, it will be encrypted along with the rest of the HTTP request and resp***e.

The query string ?this=that, if present in the URL, is sent in the HTTP request – together with the path. So it’s also encrypted.

The fragment #there, if present, is not sent anywhere – it’s interpreted by the browser (sometimes by JavaScript on the returned page).

简而言之，域名右边的所有内容都由HTTPS会话加密，并且对您的ISP或任何窥视您的活动的人都不可见。

有什么要补充的解释吗？在评论中发出声音。想从其他精通技术的Stack Exchange用户那里了解更多答案吗？在这里查看完整的讨论主题。