SSL加密从客户端到服务器的整个通信路径，然后返回，是的 - 标头将被加密。

SSL encrypts the entire communications path from the client to the server and back, so yes - the headers will be encrypted.

顺便说一句，如果你开发网络应用程序和关心数据安全性，你应该做的最少的事情就是阅读像Niels Ferguson和Bruce Schneier这样的实用密码学这本书，并且可能进一步阅读更多关注Web应用程序安全性的书将是一个好主意。如果我可以做一个观察 - 并且请，我并不是说这是个人的批评 - 你的问题表明基本上缺乏对非常基本的网络安全技术的理解，这绝不是一个好兆头。

By the way, if you develop networked applications and care about data security, the least you should do is read a book like Practical Cryptography, by Niels Ferguson and Bruce Schneier, and probably further reading that's more focused on web application security would be a good idea. If I may make an observation - and please, I don't mean that as a personal criticism - your question indicates a fundamental lack of understanding of very basic web security technologies, and that's never a good sign.

此外，确认假定加密的数据确实是加密的，这绝不是一个坏主意。您可以使用网络分析仪监控线路上的流量，并注意明确发送的任何敏感信息。我之前使用过Wireshark来做这件事 - 结果有时令人惊讶。

Also, it's never a bad idea to confirm that data which is assumed to be encrypted is indeed encrypted. You can use a network analyzer to monitor traffic on the wire and watch out for anything sensitive being sent in the clear. I've used Wireshark to do this before - the results can be surprising, sometimes.