HTTP GET Request

The HTTP GET method is used to request a resource from the server. A GET request should only retrieve data (the server must not change its state). If you want to change data on the server, use the POST, PUT, PATCH or DELETE methods.

HTTP GET requests cannot have a message body, but you can still send data to the server using URL parameters. In this case, you are limited to the maximum size of the URL, which is about 2000 characters (depends on the browser).

The HTTP GET method is defined as idempotent, which means that multiple identical HTTP GET requests should have the same effect as a single request.

HTTP GET Request Examples
Browsers send an HTTP GET request to get the page from the server. Below are a few GET request examples from different web browsers.

Google Chrome HTTP GET Request Example
GET / HTTP/1.1
Host: reqbin.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate

Mozilla Firefox HTTP GET Request Example
GET / HTTP/1.1
Host: reqbin.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate

The main difference between these two GET requests is the User-Agent header parameter that tells the server from which browser the request was sent. If you send requests from your application, you can specify your application name in the User-Agent header.

The Accept-Encoding header tells the server what compression algorithms the client can understand. The server may select one of the proposed algorithms, and compress the body of a response using this algorithm. In this case, the server must provide the used compression algorithm name in the Content-Encoding response header.

Server Response to HTTP GET Request
HTTP/1.1 200 OK
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked

<!DOCTYPE html>
......
</html>

If you don't specify the Accept-Encoding header in your request, or the server does not support any of the proposed compression algorithms, then the server does not compress the body of the response.

HTTP GET Request Without Suitable Accept-Encoding Header
GET / HTTP/1.1
Host: reqbin.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en-US,en;q=0.9
Accept-Encoding: identity

As you can see, the Content-Encoding header is not present in the server response. In this case, the size of the transmitted data is much larger, which may lead to slower page loading and higher traffic costs for mobile devices.

Server Response Without Content Compression
HTTP/1.1 200 OK
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked

<!DOCTYPE html>
......
</html>
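
The negotiation described above, from the server's side, as an added example (not ReqBin's code): the server picks a coding it supports from Accept-Encoding and sets Content-Encoding only when it actually compressed the body. The supported list and the function names are assumptions made for the illustration.

```python
import gzip
import zlib

# Codings this hypothetical server can produce, in its own order of preference.
SUPPORTED = ("gzip", "deflate")


def parse_accept_encoding(header):
    """Return {coding: q} from a value such as 'gzip, deflate;q=0.5'."""
    prefs = {}
    for item in header.split(","):
        name, _, params = item.strip().partition(";")
        name = name.strip().lower()
        if not name:
            continue
        q = 1.0
        params = params.strip().lower()
        if params.startswith("q="):
            try:
                q = float(params[2:])
            except ValueError:
                q = 0.0  # malformed weight: treat the coding as not acceptable
        prefs[name] = q
    return prefs


def choose_encoding(header):
    """Pick the first supported coding the client accepts, or None (no compression)."""
    if not header:
        return None
    prefs = parse_accept_encoding(header)
    for coding in SUPPORTED:
        if prefs.get(coding, prefs.get("*", 0.0)) > 0:
            return coding
    return None


def build_response(body, accept_encoding):
    """Return (headers, payload) for a bytes body and the request's Accept-Encoding."""
    headers = {"Content-Type": "text/html; charset=utf-8"}
    coding = choose_encoding(accept_encoding)
    if coding == "gzip":
        body = gzip.compress(body)
    elif coding == "deflate":
        body = zlib.compress(body)  # HTTP "deflate" is the zlib container format
    if coding:
        headers["Content-Encoding"] = coding
    headers["Content-Length"] = str(len(body))
    return headers, body
```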


Requesting JSON and XML by using the HTTP GET Request


Clients can request JSON from the server by sending HTTP GET requests. In this example, the Accept: application/json header tells the server that the client is "expecting" the response content in JSON format. If the client wants to receive the response content in XML format, it can specify the Accept: application/xml header. If the client can handle both types of content, it can list them all in the Accept header, separated by a comma.

JSON Request Example
GET /echo/get/json HTTP/1.1
Host: reqbin.com
Authorization: Bearer mt0dgHmLJMVQhvjpNXDyA83vA_PxH23Y
Accept: application/json

In the server response, the Content-Type header tells the client the type of returned content. For JSON files the server will return Content-Type: application/json.

Server Response With Content-Type Header
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: application/json
Transfer-Encoding: chunked

{"success":"true"}


To request private resources from the server, such as the user's personal data, the server may ask the client to provide some authorization data to ensure that the client is authorized to receive the requested data. There are several ways to authorize the client. One of the most popular authorization methods is the Bearer token authorization header.

Some notes on HTTP GET requests


  • GET requests can be cached
  • GET requests remain in the browser history
  • GET requests can be bookmarked
  • GET requests should never be used when dealing with sensitive data
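
Because GET parameters travel in the URL, they also end up in web server access logs. The following added example (not part of the original page) scans access-log lines for GET requests that carry sensitive parameter names and redacts their values; the parameter list and the sample log lines are constructed for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names treated as sensitive (an assumed list; extend it for your application).
SENSITIVE = {"password", "passwd", "pwd", "token", "access_token", "api_key", "secret"}

# Request field of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Matches "?name=value" or "&name=value" for any sensitive name, anywhere in the line.
REDACT_RE = re.compile(r'([?&](?:%s)=)[^&\s"]*' % "|".join(sorted(SENSITIVE)), re.IGNORECASE)

# Constructed sample lines (documentation IP range, made-up credentials).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /login?user=alice&password=hunter2 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "GET /echo/get/json?page=2 HTTP/1.1" 200 19',
    '203.0.113.9 - - [10/Jan/2024:10:00:03 +0000] "POST /login HTTP/1.1" 302 0',
]


def find_sensitive_get_params(log_line):
    """Return the sorted sensitive parameter names in a GET request's query string."""
    m = REQUEST_RE.search(log_line)
    if not m or m.group("method") != "GET":
        return []
    query = urlsplit(m.group("target")).query
    names = {k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(names & SENSITIVE)


def redact(log_line):
    """Replace the values of sensitive query parameters with a fixed marker."""
    return REDACT_RE.sub(r"\1[REDACTED]", log_line)


def scan(lines):
    """Return (line_number, parameter_names, redacted_line) for each offending GET."""
    findings = []
    for n, line in enumerate(lines, 1):
        names = find_sensitive_get_params(line)
        if names:
            findings.append((n, names, redact(line)))
    return findings


if __name__ == "__main__":
    for n, names, safe_line in scan(SAMPLE_LOG):
        print(f"line {n}: {', '.join(names)} sent via GET -> {safe_line}")
```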

HTTP GET vs POST

| | GET | POST |
|---|---|---|
| Browser BACK button/Reload | Harmless | Data will be re-submitted (the browser should alert the user that the data are about to be re-submitted) |
| Bookmarked | Can be bookmarked | Cannot be bookmarked |
| Cached | Can be cached | Not cached |
| History | Parameters remain in browser history | Parameters are not saved in browser history |
| Restrictions on data length | Yes, when sending data, the GET method adds the data to the URL; and the length of a URL is limited (maximum URL length is 2048 characters) | No restrictions |
| Restrictions on data type | Only ASCII characters allowed | No restrictions. Binary data is also allowed |
| Security | HTTP GET is less secure compared to POST because data sent is part of the URL. Never use the GET method when sending passwords or other sensitive information! | |
| Visibility | Data is visible to everyone in the URL | Data is not displayed in the URL |
