GET and POST are the two most commonly used HTTP request methods. Typically GET requests are used to request webpages while POST is used to send data to the webserver such as through a webform.
Tip: While they are called HTTP methods, both GET and POST are also used in HTTPS.
One of the important distinctions is that any parameters included in GET requests are included in the URL itself, whereas parameters in POST requests are part of the request body.
For example, a GET request URL may look like “GET.php?parameter=value” whereas the URL for a POST request would look like “POST.php” and then have the “parameter=value” set in the request body.
One of the key ramifications of this is that when webservers log requests the requested URL is always logged. So, for GET requests, the parameters are also logged, in the case of POST requests though the values are not logged as the body of the request isn’t logged. This is especially important for forms that contain sensitive data such as passwords or PII (Personally Identifiable Information), as using POST means that this information doesn’t get logged in webservers.
Other differences between GET and POST include the fact that GET requests can be cached by the browser or third-party caches, GET requests are included in the browser history and can be bookmarked. POST requests in comparison are never cached, are not saved to the browser history, and can’t be bookmarked.
It is possible to configure forms to use a GET request to send data to the webserver but doing so is a bad idea as all of these factors come into play. It’s especially important for sensitive forms such as login forms as if this request was logged it would disclose the user’s password, and if the response was cached by a third-party it could let other users sign into the user’s account.
