8.2. Signatures do not provide confidentiality

HTTP message signatures do not provide confidentiality for any of the information protected by the signature. The content of the HTTP message, including the value of all fields and the value of the signature itself, is presented in plaintext to any party with access to the message.

To provide confidentiality at the transport level, TLS or its equivalent can be used, as discussed in Section 7.1.2.
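The following added example (not part of the original document) signs a constructed request with HMAC-SHA256 and then parses it without the key: integrity checks need the key, reading the fields does not. It uses a simplified signature base rather than a conformant implementation; the key, the covered components, the `x-account-id` field and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac

KEY = b"constructed-demo-key"                        # constructed shared secret
COVERED = ("@method", "@authority", "x-account-id")  # assumed covered components

def signature_base(method, fields, params):
    # Simplified signature base: one line per covered component, then the parameters.
    values = {"@method": method, "@authority": fields["host"], **fields}
    lines = [f'"{c}": {values[c]}' for c in COVERED]
    return "\n".join(lines + [f'"@signature-params": {params}']).encode()

def sign_request(method, path, fields, key):
    # Returns the request head as it would appear on the wire, signature included.
    params = "(" + " ".join(f'"{c}"' for c in COVERED) + ');keyid="demo";alg="hmac-sha256"'
    mac = hmac.new(key, signature_base(method, fields, params), hashlib.sha256).digest()
    out = dict(fields)
    out["signature-input"] = "sig1=" + params
    out["signature"] = "sig1=:" + base64.b64encode(mac).decode() + ":"
    head = [f"{method} {path} HTTP/1.1"] + [f"{k}: {v}" for k, v in out.items()]
    return ("\r\n".join(head) + "\r\n\r\n").encode()

def parse(raw):
    # Needs no key: any party with access to the message can read every field.
    start, *rest = raw.decode().split("\r\n\r\n")[0].split("\r\n")
    fields = {k.lower(): v for k, v in (line.split(": ", 1) for line in rest)}
    return start.split(" ")[0], fields

def verify(raw, key):
    # Needs the key: recompute the MAC over the covered components and compare.
    method, fields = parse(raw)
    params = fields["signature-input"].split("=", 1)[1]
    sent = base64.b64decode(fields["signature"][len("sig1=:"):-1])
    expected = hmac.new(key, signature_base(method, fields, params), hashlib.sha256).digest()
    return hmac.compare_digest(sent, expected)

# Constructed sample request.
RAW = sign_request("POST", "/transfer",
                   {"host": "api.example.com", "x-account-id": "acct-4471"}, KEY)
```

The signature detects a change to `x-account-id`, but the value itself is only hidden from other parties when the message travels over TLS or an equivalent.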