GET vs. POST – the two most important HTTP requests compared

In modern in­ter­act­ively designed websites, the clients - i.e. the browsers - not only retrieve an HTML document from the server, but often also send it the following in­form­a­tion:

• The text of a search term that the user has entered into the search field
• The contents of a completed form
• The filter selection in a website’s shop
• A sorted list

For the trans­mis­sion of this kind of in­form­a­tion to the server, the HTTP protocol provides various request methods. The two most important of these are GET and POST. Although both lead to the same result, they are still fun­da­ment­ally different. Read on to find out where the dif­fer­ences lie and when one method may be prefer­able over the other.

With the GET method, the data to be sent to the server is written directly into the URL. In a browser window, this would look like the below:

All the in­form­a­tion entered by the user – known as the URL para­met­ers – is trans­mit­ted as openly as the URL itself. This has ad­vant­ages and dis­ad­vant­ages.

The URL para­met­ers can be saved together with the website address. This allows you to bookmark a search query and retrieve it later. If necessary, a page can also be retrieved via the browsing history.

This is useful, for example, when regularly viewing a Google Maps map section, or for saving web pages with certain filter and selection settings.

The main dis­ad­vant­age of the GET method is the lack of data pro­tec­tion. The URL para­met­ers sent along with the data are not only visible to everyone in the browser address bar, but are also stored un­en­cryp­ted in the browser history, cache, and log file of the server.

A second dis­ad­vant­age is the limited capacity of data length. Depending on the web server and browser, no more than about 2,000 char­ac­ters can be entered in the URL. URL para­met­ers can also only contain ASCII char­ac­ters (letters, numbers, special char­ac­ters, etc.), but not binary data such as audio files or images.

The POST method writes the URL para­met­ers in the HTTP request for the server. They are, therefore, not visible to users. The scope of POST requests is unlimited.

When it comes to trans­mit­ting sensitive data to the server - e.g. the re­gis­tra­tion form with user name and password - the POST method offers the necessary privacy. The data is neither cached nor does it appear in the browsing history. Another bonus is how flexible the POST method is. Users can transmit short texts, but also data of any size or type, such as photos or videos.

If a web page is updated using the ‘back’ button, for example, after you’ve used a web form, the form data must be re­sub­mit­ted. You may have pre­vi­ously come across warnings of this kind popping up on the screen. There is a risk that the data is in­ad­vert­ently sent several times, which can trigger unwanted duplicate orders, for example in the case of an order form. However, regularly updated shopping websites using modern pro­gram­ming can prevent this.

Similarly, data trans­mit­ted using the POST method cannot be saved as bookmarks together with the URL.

POST is almost always preferred over GET when the user needs to submit data or files to the server, for example when filling out forms or uploading photos.

GET is par­tic­u­larly well-suited for per­son­al­ising websites. The user's search entries, filter settings, and selection settings can be saved as bookmarks along with the URL, so that the next time the user visits the site, it looks exactly the way they want it to look.

Here's a simple rule of thumb to help you remember:

• GET for settings on a website (filters, sorting, search entries, etc.)
• POST for the trans­mis­sion of user in­form­a­tion and data