@ratoshi21
@mattpocockuk
I for one prefer general data scarcity. I don‘t need anybody to monitor any of the web traffic that I cause. However, in more technical terms, any headers, including potentially ids, tokens, device, client, etc. that are sent with a request (or response) should be encrypted.