GET vs. POST – the two most important HTTP requests compared

In modern interactively designed websites, the clients - i.e. the browsers - not only retrieve an HTML document from the server, but often also send it the following information:

• The text of a search term that the user has entered into the search field
• The contents of a completed form
• The filter selection in a website’s shop
• A sorted list

For the transmission of this kind of information to the server, the HTTP protocol provides various request methods. The two most important of these are GET and POST. Although both lead to the same result, they are still fundamentally different. Read on to find out where the differences lie and when one method may be preferable over the other.

With the GET method, the data to be sent to the server is written directly into the URL. In a browser window, this would look like the below:

All the information entered by the user – known as the URL parameters – is transmitted as openly as the URL itself. This has advantages and disadvantages.

The URL parameters can be saved together with the website address. This allows you to bookmark a search query and retrieve it later. If necessary, a page can also be retrieved via the browsing history.

This is useful, for example, when regularly viewing a Google Maps map section, or for saving web pages with certain filter and selection settings.

The main disadvantage of the GET method is the lack of data protection. The URL parameters sent along with the data are not only visible to everyone in the browser address bar, but are also stored unencrypted in the browser history, cache, and log file of the server.

A second disadvantage is the limited capacity of data length. Depending on the web server and browser, no more than about 2,000 characters can be entered in the URL. URL parameters can also only contain ASCII characters (letters, numbers, special characters, etc.), but not binary data such as audio files or images.

The POST method writes the URL parameters in the HTTP request for the server. They are, therefore, not visible to users. The scope of POST requests is unlimited.

When it comes to transmitting sensitive data to the server - e.g. the registration form with user name and password - the POST method offers the necessary privacy. The data is neither cached nor does it appear in the browsing history. Another bonus is how flexible the POST method is. Users can transmit short texts, but also data of any size or type, such as photos or videos.

If a web page is updated using the ‘back’ button, for example, after you’ve used a web form, the form data must be resubmitted. You may have previously come across warnings of this kind popping up on the screen. There is a risk that the data is inadvertently sent several times, which can trigger unwanted duplicate orders, for example in the case of an order form. However, regularly updated shopping websites using modern programming can prevent this.

Similarly, data transmitted using the POST method cannot be saved as bookmarks together with the URL.

POST is almost always preferred over GET when the user needs to submit data or files to the server, for example when filling out forms or uploading photos.

GET is particularly well-suited for personalizing websites. The user's search entries, filter settings, and selection settings can be saved as bookmarks along with the URL, so that the next time the user visits the site, it looks exactly the way they want it to look.

Here's a simple rule of thumb to help you remember:

• GET for settings on a website (filters, sorting, search entries, etc.)
• POST for the transmission of user information and data