Is Downloading a file from a https page secure?

I have an e-commerce website, in the backend area I have a page creating a file on the go (without saving it on the server) with very sensitive data (credi cards details). In order to access the page authorized users have to log in.

The file is then downloaded with these commandes

[PHP]
header("Content-type: application/octet-stream");
header("Content-Disposition: attachment; filename=MB Web Sales - GBP - CAL-99976440-".time()."batch-opt.csv");
header('Cache-Control: maxage=3600');
header('Pragma: public');

.........

echo $string;

[/PHP]

I would like to know if the data is secure during the download or not, and if it isn't what I can do to make it so.

re: Is Downloading a file from a https page secure?

Hi.

If this is indeed fetched via a HTTPS connection, then the entire response should be encrypted, even if it contains a file.

A HTTPS connection is just a normal HTTP request/response sent via a SSL/TLS connection, so I see no reason why a file download would be handled any different than a typical HTML page.

I'm not 100% sure about this, but as close to it as I can be without actually testing it myself.