HTTP Safe and Idempotent Methods [RFC 2616]

Feb 14, 2020 RFC


All HTTP methods can be classified as safe or/and idempotent.

Method Definitions

The set of common methods for HTTP/1.1 is defined below. Although this set can be expanded, additional methods cannot be assumed to share the same semantics for separately extended clients and servers.

The Host request-header field MUST accompany all HTTP/1.1 requests.

Safe and Idempotent Methods

Safe Methods

The convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe".

In short words: GET and HEAD SHOULD NOT cause any side-effects.

Idempotent Methods

Methods can also have the property of "idempotence" in that (aside from error or expiration issues) the side-effects of N > 0 identical requests is the same as for a single request. The methods GET, HEAD, PUT and DELETE share this property. Also, the methods OPTIONS and TRACE SHOULD NOT have side effects, and so are inherently idempotent.

Consider this:

  1. Use the DELETE method.
  2. The server deletes the resource.
  3. Use the same DELETE as in 1.
  4. The server cannot delete already gone resources. The server stays in the same state. You can repeat the same action, and the server still stays in the current state.

Source: https://tools.ietf.org/rfc/rfc2616.txt