DevToolbox

HTTP Method Reference

Interactive reference for all HTTP methods with properties, examples, and curl commands.

About This Tool

The HTTP Method Reference is a free, browser-based interactive guide to every standard HTTP request method defined in the HTTP/1.1 specification. It covers the nine methods you encounter in web development: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS, TRACE, and CONNECT. Each method card displays its RFC source, a concise description, whether it is safe, idempotent, or cacheable, the typical response status codes, and a ready-to-use curl example you can copy with one click.

Understanding HTTP methods is essential for building correct REST APIs, debugging network issues, and writing integration tests. A safe method (GET, HEAD, OPTIONS, TRACE) must not alter server state, which is why browsers freely retry them on network errors. An idempotent method (GET, HEAD, PUT, DELETE, OPTIONS, TRACE) produces the same result regardless of how many times it is called — a property that makes retries and caching reliable. If you are designing a new API, pairing the right method with the right endpoint is the first step toward a predictable, standards-compliant interface.

This tool pairs naturally with the HTTP Status Codes reference, which explains the response codes each method typically returns. If you need to inspect real-world headers, try the HTTP Header Analyzer. And when you want to convert a curl command into code for your preferred language, use the Curl to Code Converter.

The properties comparison table at the bottom of the page gives you a quick side-by-side view of safe, idempotent, and cacheable attributes for every method. You can filter methods by property or search by name and description. All data is static and rendered entirely in your browser — no network requests are made, and no data leaves your machine.

How to Use

  1. Browse the method cards below to review each HTTP method's description, properties, and typical status codes.
  2. Use the Search field to find a specific method by name, description, or use case.
  3. Click All, Safe, Unsafe, or Idempotent to filter methods by their properties.
  4. Click Show examples on any method card to expand the curl command and raw HTTP request/response examples.
  5. Click Copy next to the curl example to copy the command to your clipboard.
  6. Scroll down to the Properties Comparison table for a side-by-side overview of all methods.
  7. Press Ctrl+Shift+C to copy a text summary of all methods and their properties.

Popular HTTP Method Examples

View all HTTP method examples →

FAQ

What is the difference between PUT and PATCH?

PUT replaces the entire target resource with the request payload — you must send all fields, even those that have not changed. PATCH applies a partial modification, so you only send the fields you want to update. PUT is idempotent by definition, while PATCH is not guaranteed to be idempotent, although many implementations treat it as such.

What does 'safe' mean for an HTTP method?

A safe method is one that should not alter the state of the server. GET, HEAD, OPTIONS, and TRACE are safe. This means clients and intermediaries (like CDNs and proxies) can freely cache, prefetch, or retry these requests without worrying about side effects.

What does 'idempotent' mean?

An idempotent method produces the same result whether it is called once or multiple times with identical parameters. GET, HEAD, PUT, DELETE, OPTIONS, and TRACE are idempotent. POST and PATCH are not — calling POST twice typically creates two resources.

When should I use POST vs PUT?

Use POST when the server determines the URI of the new resource (e.g., POST /users creates a user and returns its ID). Use PUT when the client specifies the exact URI (e.g., PUT /users/42 creates or replaces user 42). POST is for creation with server-assigned IDs; PUT is for creation or full replacement at a known URI.

Why is TRACE considered dangerous?

TRACE reflects the request back to the client, which can expose sensitive headers such as cookies and authorization tokens to cross-site scripting (XSS) attacks — a technique known as Cross-Site Tracing (XST). Most modern web servers disable TRACE by default for this reason.

What is a CORS preflight request?

When a browser makes a cross-origin request that is not 'simple' (e.g., it uses a custom header or a method other than GET/HEAD/POST), the browser first sends an OPTIONS request to the server to check whether the actual request is allowed. This is the CORS preflight. The server responds with Access-Control-Allow-* headers to grant or deny access.

Is my data safe?

Yes. This tool is a static reference that runs entirely in your browser. No data is sent to any server, no network requests are made, and nothing is stored. You can verify this by checking the Network tab in your browser's developer tools.

Related Tools

HTTP Status Codes

Browse, search, and learn about all HTTP status codes with detailed explanations.

HTTP Header Analyzer

Fetch and analyze HTTP response headers for any URL. Check security headers, caching, CORS, and more.

Curl to Code Converter

Convert curl commands to Python, JavaScript fetch, PHP, Go, and more programming languages.

URL Encode/Decode

Encode and decode URLs, parse query parameters, and build query strings.

Content-Type Header Builder

Build Content-Type headers with the correct MIME type, charset, and boundary parameters. Copy as header or curl flag.

HTTP/2 vs HTTP/3 Comparison

Side-by-side comparison of HTTP/1.1, HTTP/2, and HTTP/3 protocols with feature details, performance characteristics, and migration guides.