LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

Which HTTP method does a login form use to send credentials to the server, and why not GET?

POST — the form's action/method sends the username and password in the request body, not in the URL.

A login <form method="POST" action="/auth"> submits credentials in the request body. GET would append them to the URL as query parameters (/auth?user=tino&pass=12345), which is bad because URLs are:

  • written to browser history and server access logs
  • visible in the address bar and sent in the Referer header
  • cached and bookmarked

POST bodies avoid all of that. (Note: on plain HTTP a POST body is still readable on the wire — only HTTPS actually encrypts it. POST vs GET is about where the data sits, not about encryption.)

Tip: You can always find which method a form uses by reading its HTML action and method attributes in the page source.

Go deeper:

From Quiz: INTROL / Web Authentication: Cookies, OAuth 2.0 / OIDC & WebAuthn | Updated: Jul 05, 2026