HTTP methods are promises about consequences. GET says 'I will only look.' POST says 'Something will change.' Understanding these contracts explains why browsers warn you before refreshing a form, why some requests can be cached and others can't, and how the entire web stays coherent.
GET requests are questions—they retrieve data without changing anything. This simple rule enables caching, prefetching, and automatic retries. Break it, and browsers might delete your users' accounts.
POST doesn't ask for data—it acts on the server. Understanding this distinction is the key to forms, APIs, and secure web applications.
PUT replaces the entire resource—omit a field and it's gone. PATCH modifies only what you specify. The choice determines what happens to the fields you don't mention.
DELETE is idempotent—you can call it forever—but destruction only happens once. That tension shapes every implementation decision.
HEAD is reconnaissance—it asks servers to describe resources without sending them. Check file sizes, verify links, validate caches, all without transferring a single byte of content.
OPTIONS asks servers 'what can I do here?' But its real job is stranger: it's the browser asking permission on behalf of JavaScript it doesn't trust.
The network doesn't tell you whether your request succeeded—it tells you whether it heard back. Idempotency is how you build systems that handle this uncertainty.
CONNECT turns proxies into dumb pipes for HTTPS tunneling. TRACE echoes requests for debugging—but its transparency made it a security liability. Two specialized HTTP methods with very different fates.
Was this page helpful?