HTTP Request
The original HTTP/0.9 draft provide only a single methode (or “verb”) for requesting a document: GET … then things got crazier…
tl;dr: request methods: indicate the desired action to be performed for a given resource: GET, POST, HEAD, OPTIONS, PUT, DELETE, TRACE, CONNECT, PATCH
GET
information retrieval
POST
submitting information
HEAD
rarely used, information retrieval identical to GET, but without the response body
OPTIONS
metarequest that returns the set of a supported methods for a particular URL in a response header almost never used, except for server fingerprinting.
PUT
uploading file to the server at a specified target URL because browsers do not support PUT, intentional file-upload capabilities are almost always implemented through POST Having said that, some nonweb HTTP clients and server may use PUT. Potential vulnerability: when webserver process PUT request indiscriminately.
DELETE
method to delete a specified resource rarely used
TRACE
from of ping request that returns information about all the proxy hops involved. TRACE request are not issued by web browser. primary used for security testing, for reconnaissance of internal architecture
CONNECT
reserved for establishing non-HTTP connections through HTTP proxies. it is not meant to be issued directly to the servers Security consideration: if the server supports CONNECT request, it may pose a security risk by offering an attacker a way to tunnel TCP traffic into an otherwise protected network.
PATCH
to apply partial modification to a resource
Other HTTP Methods
ex: WebDAV, authoring & version-control protocol (RFC4918)
Reference:
The Tangled Web: by Michal Zalewski <– highly recommended