HTTP GET requests cannot have a message body. But you still can send data to the server using the URL parameters. In this case, you are limited to the maximum size of the URL, which is about 2000 characters (depends on the browser).
The HTTP GET method is defined as idempotent, which means that multiple identical HTTP GET requests should have the same effect as a single request.
HTTP GET Request ExamplesBrowsers send a HTTP GET request to get the page from the server. Below are a few GET request examples from different web browsers.
The main difference between these two GET requests is the User-Agent header parameter that tells the server from which browser the request was sent. If you send requests from your application, you can specify your application name in the User-Agent header.
The Accept-Encoding header tells the server what compression algorithms the client can understand. The server may select one of the proposed algorithms, and compress the body of a response using this algorithm. In this case, the server must provide the used compression algorithm name in the Content-Encoding response header.
If you don't specify the Accept-Encoding header in your request, or server does not support any of the proposed compression algorithms then the server does not compress the body of the response.
As you can see, the Content-Encoding header is not represented in the server response. In this case, the size of the transmitted data is much larger, which may lead to lower page loading speed and increase the traffic cost for mobile devices.
Requesting JSON and XML by using the HTTP GET Request
Clients can request JSON from the server by sending HTTP GET requests. In this example, the Accept: application/json header tells the server that the client is "expecting" the response content in JSON format. If the client wants to receive the response content in XML format, it can specify the Accept: application/xml header. If the client can handle both types of content, it can list them all in the Accept header, separated by a comma.
In the server response, the Content-Type header tells the client the type of returned content. For JSON files the server will return Content-Type: application/json.
To request private resources from the server, such as the user's personal data, the server may ask the client to provide some authorization data to ensure that the client is authorized to receive the requested data. There are several ways to authorize the client. One of the most popular authorization methods is the Bearer token authorization header.
Some notes on HTTP GET requests
- GET requests can be cached
- GET requests remain in the browser history
- GET requests can be bookmarked
- GET requests should never be used when dealing with sensitive data
HTTP GET vs POST
|Browser BACK button/Reload||Harmless||Data will be re-submitted (the browser should alert the user that the data are about to be re-submitted)|
|Bookmarked||Can be bookmarked||Cannot be bookmarked|
|Cached||Can be cached||Not cached|
|History||Parameters remain in browser history||Parameters are not saved in browser history|
|Restrictions on data length||Yes, when sending data, the GET method adds the data to the URL; and the length of a URL is limited (maximum URL length is 2048 characters)||No restrictions|
|Restrictions on data type||Only ASCII characters allowed||No restrictions. Binary data is also allowed|
|Security||HTTP GET is less secure compared to POST because data sent is part of the URL. Never use the GET method when sending passwords or other sensitive information!|
|Visibility||Data is visible to everyone in the URL||Data is not displayed in the URL|