HTML and CSS Reference
look at URLs that include query strings. Ask yourself, "Would it bother me if Googlebot followed this URL?" For
the moment, ignore the temptation to say, "Google could never find this" or "Google would not have the right
user authentication cookies to be allowed in" or anything like that. Simply consider whether it would be a
problem if Googlebot did somehow get in. Would it do anything you wouldn't want it to do?
Next, ask yourself what would happen if a real user got a timeout on a page and resubmitted the form. Would a
credit card be charged twice? Would they have printed two copies of a book instead of one? Would anything
have happened that they did not want to happen and had not asked for?
If the answer to any of these questions is yes, the form should be using POST rather than GET. POST is intended
for potentially unsafe operations. POST operations are not cached, bookmarked, prefetched, or even resent
from the back button without an explicit user request. POST operations are at least sometimes dangerous and
irrevocable. Consequently, user agents such as browsers take special care to make sure the user does not
accidentally POST data without really meaning to. By contrast, URLs accessed via GET are commonly
downloaded without any human intervention or consent whatsoever. They are for browsing, not buying. They
should be safe and free of side effects.
The following operations should be done with POST:
Purchasing an item
Agreeing to a legal document
Posting a comment on a blog
Deleting a page from a content management system (CMS)
Signing a petition
Inserting new content into a database
Printing a map
Controlling a machine
This is just a sample. There are many more.
By contrast, the following operations should be done with GET, because they are safe and do not obligate the
Reading a legal document
Downloading an editable copy of a document from a CMS