HTTP Methods
Covers the common methods plus the newly published QUERY method. Badges mark whether each method is safe / idempotent / cacheable / allows a body.
QUERYNEW
A safe query method that carries a request body — a “GET with a body”.
QUERY (IETF draft draft-ietf-httpbis-safe-method-w-body) is a newly introduced method: safe, idempotent, and allowed to carry a request body. It solves GET’s inability to safely carry a body and the need to cram complex queries into bloated URLs, while avoiding the “unsafe / non-cacheable” semantic mismatch of using POST for queries. Responses are cacheable; the server should indicate the queried resource’s location via Content-Location as the cache key. Ideal for complex search, GraphQL-style queries, and retrievals with many filters.
GET
Retrieve a resource; should have no side effects.
The most common method, used to read resources. Safe (no server state change), idempotent, cacheable. A request body has no defined semantics in GET and should be avoided.
POST
Submit data, often creating a resource or triggering processing.
Submits data to the server. Neither safe nor idempotent — repeating it may create multiple resources. Often misused for queries (since it can carry a body), but its semantics don’t fit querying — exactly one case QUERY aims to replace.
PUT
Replace the target resource in full.
Replaces the target resource with a complete representation. Idempotent — repeating the same PUT yields the same result. Usually creates the resource if it doesn’t exist.
PATCH
Apply a partial modification to a resource.
Applies a partial update (e.g. JSON Patch / JSON Merge Patch). Not guaranteed idempotent by default; depends on the patch document’s semantics.
DELETE
Delete the target resource.
Deletes the specified resource. Idempotent — deleting an already-deleted resource yields a consistent result (typically 404/204).
HEAD
Like GET but returns only headers, no body.
Used to fetch metadata (e.g. Content-Length, Last-Modified) without downloading the body. Safe, idempotent, cacheable.
OPTIONS
Query the communication options supported for the target resource.
Returns information such as the methods the server supports for the target resource; commonly seen in CORS preflight requests.
TRACE
HTTP TRACE performs a loopback diagnostic test along the request path. Reveals proxy modifications, security risks, and why servers disable TRACE in production.
Diagnosing how intermediaries modify requests along the path to a server is the purpose of the HTTP TRACE method. The final recipient reflects the received request back as the response body, revealing changes made by proxies and gateways.
CONNECT
HTTP CONNECT establishes a TCP tunnel through a proxy for HTTPS and other protocols. Tunneling flow, proxy behavior, and security considerations.
When a client behind a proxy needs a direct TCP channel to a remote host, it uses the HTTP CONNECT method to establish a tunnel through the intermediary.