HTTP GET Request Method

GET is an HTTP method for requesting data from the server. Requests using the HTTP GET method should only fetch data, cannot enclose data in the body of a GET message, and should not have any other effect on data on the server.

What is HTTP?

The Hypertext Transfer Protocol (HTTP) is the core protocol of the World Wide Web. It is designed to support communication between a browser or an application and servers. HTTP protocol is used to send information in a format that both the client and the server can understand. HTTP works as a stateless request-response protocol between the client and the web server. HTTP protocol is based on several request methods, or "verbs", including the HTTP GET and HTTP POST request methods, among others. Web browsers usually only use HTTP GET and HTTP POST, but RESTful desktop and mobile applications use many others. Sending data to the server over HTTP can be done using several HTTP request methods. The HTTP GET request method is one of them.

What is the HTTP GET request method used for?

The HTTP GET request method is used to request a resource from the server. The GET request should only receive data (the server must not change its state). If you want to change data on the server, use POST, PUT, PATCH or DELETE methods.
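One way a server can keep GET free of side effects, added here as an illustration and not part of the original page. The `handle` dispatcher, the `/notes` routes and the in-memory `NOTES` store are hypothetical. The state-changing route is registered only under POST, so a GET to it is answered with 405 and an Allow header instead of modifying data.

```python
from urllib.parse import parse_qs

NOTES = {1: "first note", 2: "second note"}  # constructed in-memory data

def read_note(note_id):
    """Safe handler: returns data, changes nothing."""
    return NOTES.get(note_id)

def remove_note(note_id):
    """State-changing handler: must never be reachable through GET."""
    return NOTES.pop(note_id, None)

# Hypothetical route table: each path lists the methods allowed to reach it.
ROUTES = {
    "/notes": {"GET": read_note},
    "/notes/remove": {"POST": remove_note},
}

def handle(method, path, query=""):
    """Return (status, headers, body) for a request to the toy service."""
    methods = ROUTES.get(path)
    if methods is None:
        return 404, {}, "not found"
    handler = methods.get(method)
    if handler is None:
        # Wrong method for this route: refuse and advertise the allowed ones.
        return 405, {"Allow": ", ".join(sorted(methods))}, "method not allowed"
    try:
        note_id = int(parse_qs(query)["id"][0])
    except (KeyError, ValueError):
        return 400, {}, "missing or invalid id"
    result = handler(note_id)
    if result is None:
        return 404, {}, "no such note"
    return 200, {}, result

if __name__ == "__main__":
    print(handle("GET", "/notes", "id=1"))         # read succeeds, repeatable
    print(handle("GET", "/notes/remove", "id=1"))  # refused with 405, data intact
    print(handle("POST", "/notes/remove", "id=1")) # the state change needs POST
```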

Can I send HTTP Headers using the GET method?

Yes, you can send any HTTP headers with your GET request. For example, you can send user authentication data in the Authorization header, send browser cookies in the Cookie header, or even send some additional details about your request in custom headers like X-Powered-By or X-User-IP. By default, browsers send the Accept, Accept-Encoding, User-Agent, and Referer HTTP headers on every request.

Can I send data using the HTTP GET method?

No, HTTP GET requests cannot have a message body. But you still can send data to the server using the URL parameters. In this case, you are limited to the maximum size of the URL, which is about 2000 characters (depends on the browser). The HTTP GET method is defined as idempotent, which means that multiple identical GET requests should have the same effect as a single request.

HTTP GET Request Examples

Browsers send an HTTP GET request to get the page from the server. Below are a few GET request examples from different web browsers.

Google Chrome HTTP GET Request Example
GET / HTTP/1.1
Host: reqbin.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate

Mozilla Firefox HTTP GET Request Example
GET / HTTP/1.1
Host: reqbin.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate

The main difference between these two HTTP GET requests is the User-Agent header parameter that tells the server from which browser the request was sent. If you send requests from your application, you can specify your application name in the User-Agent header.

The Accept-Encoding header tells the server what compression algorithms the client can understand. The server may select one of the proposed algorithms, and compress the body of a response using this algorithm. In this case, the server must provide the used compression algorithm name in the Content-Encoding response header.

Server Response to HTTP GET Request
HTTP/1.1 200 OK
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
  
<!DOCTYPE html>
 ......
</html>

If you don't specify the Accept-Encoding header in your request, or the server does not support any of the proposed compression algorithms, then the server does not compress the body of the response.

HTTP GET Request Without Suitable Accept-Encoding Header
GET / HTTP/1.1
Host: reqbin.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en-US,en;q=0.9
Accept-Encoding: identity

As you can see, the Content-Encoding header is not present in the server response. In this case, the size of the transmitted data is much larger, which may slow page loading and increase traffic costs for mobile devices.

Server Response Without Content Compression
HTTP/1.1 200 OK
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
  
<!DOCTYPE html>
......
</html>
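The negotiation described above, as an added Python example that is not code from the original page: a server-side sketch that reads Accept-Encoding (including q-values), picks a coding it supports, and sets Content-Encoding only when the body was actually compressed. The `SUPPORTED` tuple, the function names and the sample `PAGE` body are assumptions, and this sample server can only gzip.

```python
import gzip

SUPPORTED = ("gzip", "identity")  # assumption: codings this sample server offers

def parse_accept_encoding(header):
    """Return {coding: q} parsed from an Accept-Encoding header value."""
    prefs = {}
    for item in header.split(","):
        coding, _, params = item.strip().partition(";")
        if not coding:
            continue
        q = 1.0
        params = params.strip()
        if params.startswith("q="):
            try:
                q = float(params[2:])
            except ValueError:
                q = 0.0  # unparseable weight: treat the coding as refused
        prefs[coding.strip().lower()] = q
    return prefs

def choose_encoding(header):
    """Pick the coding to use; header=None means the header was not sent."""
    if header is None:
        return "identity"
    prefs = parse_accept_encoding(header)
    best, best_q = None, 0.0
    for coding in SUPPORTED:
        # identity stays acceptable unless the client excludes it with q=0
        default = 0.001 if coding == "identity" else 0.0
        q = prefs.get(coding, prefs.get("*", default))
        if q > best_q:
            best, best_q = coding, q
    return best  # None: the client refused every coding the server has

def build_response(body, accept_encoding):
    """Return (headers, body) with Content-Encoding set only if compressed."""
    coding = choose_encoding(accept_encoding)
    if coding is None:
        raise ValueError("no acceptable content coding")
    headers = {"Content-Type": "text/html; charset=utf-8"}
    if coding == "gzip":
        body = gzip.compress(body)
        headers["Content-Encoding"] = "gzip"
    headers["Content-Length"] = str(len(body))
    return headers, body

# Constructed sample page body, repetitive so the size difference is visible.
PAGE = b"<!DOCTYPE html><html>" + b"<p>hello</p>" * 200 + b"</html>"
```

Calling `build_response(PAGE, "gzip, deflate")` and `build_response(PAGE, "identity")` reproduces the two server responses shown above, with and without the Content-Encoding header.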

How do I request JSON and XML using the HTTP GET method?

Clients can request JSON from the server by sending HTTP GET requests. In this example, the Accept: application/json header tells the server that the client is "expecting" the response content in JSON format. If the client wants to receive the response content in XML format, it can specify the Accept: application/xml header. If the client can handle both types of content, it can list them all in the Accept header, separated by a comma.

JSON Request Example
GET /echo/get/json HTTP/1.1
Host: reqbin.com
Authorization: Bearer mt0dgHmLJMVQhvjpNXDyA83vA_Pxh33Y
Accept: application/json

In the server response, the Content-Type header tells the client the type of returned content. For JSON files the server will return Content-Type: application/json.

Server Response With Content-Type Header
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: application/json
Transfer-Encoding: chunked
  
{"success":"true"}

To request private resources from the server, such as the user's personal data, the server may ask the client to provide some authorization data to ensure that the client is authorized to receive the requested data. There are several ways to authorize the client. One of the most popular authorization methods is the Bearer token authorization header.

HTTP GET Method Specification

Safe: Yes
Idempotent: Yes
Cacheable: Yes
Can have a body: No

Some notes on HTTP GET requests

  • GET requests can be cached
  • GET requests remain in the browser history
  • GET requests can be bookmarked
  • GET requests should never be used when dealing with sensitive data
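Because GET data travels in the URL, it also ends up wherever URLs are recorded, which commonly includes web server access logs. The following added example (not from the original page) scans access-log lines for GET requests whose query string carries sensitive parameters and prints a redacted form. The `SENSITIVE` name list, the function names and the log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: parameter names treated as sensitive; extend for your application.
SENSITIVE = {"password", "passwd", "token", "access_token", "api_key", "secret"}

# Request-line part of a Common Log Format entry: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def redact_url(target):
    """Return (redacted_target, sorted sensitive parameter names found)."""
    parts = urlsplit(target)
    found, cleaned = set(), []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            found.add(name.lower())
            value = "REDACTED"
        cleaned.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(cleaned))), sorted(found)

def scan_log(lines):
    """Yield (line_number, redacted_target, names) for GETs exposing secrets."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match or match["method"] != "GET":
            continue
        redacted, names = redact_url(match["target"])
        if names:
            yield number, redacted, names

# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /echo/get/json HTTP/1.1" 200 19',
    '203.0.113.7 - - [10/Jan/2024:10:00:05 +0000] "GET /login?user=alice&password=hunter2 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Jan/2024:10:00:09 +0000] "POST /login HTTP/1.1" 302 0',
    '203.0.113.9 - - [10/Jan/2024:10:00:12 +0000] "GET /report?id=7&access_token=abc123 HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for number, url, names in scan_log(SAMPLE_LOG):
        print(f"line {number}: {url} exposes {', '.join(names)}")
```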

HTTP GET vs POST

| | GET | POST |
|---|---|---|
| Browser BACK button/Reload | Harmless | Data will be re-submitted (the browser should alert the user that the data are about to be re-submitted) |
| Bookmarked | Can be bookmarked | Cannot be bookmarked |
| Cached | Can be cached | Not cached |
| History | Parameters remain in browser history | Parameters are not saved in browser history |
| Restrictions on data length | Yes, when sending data, the GET method adds the data to the URL; and the length of a URL is limited (maximum URL length is 2048 characters) | No restrictions |
| Security | HTTP GET is less secure compared to POST because data sent is part of the URL. Never use the GET method when sending passwords or other sensitive information! | |
| Visibility | Data is visible to everyone in the URL | Data is not displayed in the URL |
