# Encryption in Transit
<a name="encryption-transit"></a>

The following table provides information about how data is encrypted in transit. Where applicable, other data protection methods for WorkSpaces Applications are also listed.


| Data | Network path | How protected | 
| --- | --- | --- | 
|  Web assets This traffic includes assets such as images and JavaScript files.  |  Between WorkSpaces Applications users and WorkSpaces Applications  | Encrypted using TLS 1.2 | 
| Pixel and related streaming traffic | Between WorkSpaces Applications users and WorkSpaces Applications |  Encrypted using 256-bit Advanced Encryption Standard (AES-256) Transported using TLS 1.2  | 
| API traffic | Between WorkSpaces Applications users and WorkSpaces Applications |  Encrypted using TLS 1.2 Requests to create a connection are signed using SigV4  | 
| Application settings and home folder data generated by users Applicable when application settings persistence and home folders are enabled.  | Between WorkSpaces Applications users and Amazon S3 | Encrypted using Amazon S3 SSL endpoints | 
| WorkSpaces Applications-managed traffic |  Between WorkSpaces Applications streaming instances and: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/appstream2/latest/developerguide/encryption-transit.html)  | Encrypted using TLS 1.2 Requests to create a connection are signed using SigV4 where applicable |