# Encryption in Transit
The following table provides information about how data is encrypted in transit. Where applicable, other data protection methods for WorkSpaces Applications are also listed.
| Data | Network path | How protected |
| --- | --- | --- |
| Web assets
This traffic includes assets such as images and JavaScript files. | Between WorkSpaces Applications users and WorkSpaces Applications | Encrypted using TLS 1.2 |
| Pixel and related streaming traffic | Between WorkSpaces Applications users and WorkSpaces Applications | Encrypted using 256-bit Advanced Encryption Standard (AES-256)
Transported using TLS 1.2 |
| API traffic | Between WorkSpaces Applications users and WorkSpaces Applications | Encrypted using TLS 1.2
Requests to create a connection are signed using SigV4 |
| Application settings and home folder data generated by users
Applicable when application settings persistence and home folders are enabled. | Between WorkSpaces Applications users and Amazon S3 | Encrypted using Amazon S3 SSL endpoints |
| WorkSpaces Applications-managed traffic | Between WorkSpaces Applications streaming instances and:[See the AWS documentation website for more details](http://docs.aws.amazon.com/appstream2/latest/developerguide/encryption-transit.html) | Encrypted using TLS 1.2
Requests to create a connection are signed using SigV4 where applicable |