Django rest framework token based authentication, tokens are visible in http request header -

i have implemented token based authentication using django rest framework.
tokens visible in http requests header when seen using browser's developers tools. , i'm able fetch private data api of postman using token. feel not secure way authentication. questions tokens visible in http request header every token based authentication. if no, please tell me 1 should use.