O'Reilly logo
  • Gishu Pillai thinks this is interesting:

Unlike WS-Security, which can be used in a fine-grained manner, HTTPS creates a secure transport channel and so obfuscates the entire HTTP envelope (including headers). For secure web traffic, this means transferred representations bypass web intermediaries like proxies, and the HTTP metadata is only available to the client and server and not to the underlying web infrastructure.

On the one hand, this is sensible since sensitive information shouldn’t be cached or seen by intermediaries. On the other, it does inhibit sca...


Cover of REST in Practice


HTTPS defeats caching