Verdict: The new HTTP QUERY method (RFC 10008) is the most significant change to the web's foundational protocol since 2010. It solves the "safe search" problem by allowing complex, body-based requests that remain cacheable and idempotent, effectively ending the era of abusing POST for read-only operations.
Last verified: 2026-07-05 · Standard: RFC 10008 (June 2026) · Status: Proposed Standard · Key Advantage: Safe, idempotent search with request bodies.
What is the HTTP QUERY method?
The HTTP QUERY method is a new request verb that allows a client to send a structured request body to a server for read-only operations. Unlike the GET method, which is restricted by URL length limits (typically ~8KB) and forces parameters into a query string, QUERY supports complex payloads (JSON, SQL, GraphQL) while remaining safe and idempotent.
This means that unlike a POST request, a QUERY request:
- Can be safely retried by browsers and proxies if it fails.
- Is cacheable by CDNs and edge networks (if configured correctly).
- Does not imply side effects (like creating a user or processing a payment).
Why did we need a new HTTP method?
For over 15 years, developers have been stuck between two suboptimal choices for complex data retrieval:
| Approach | The Problem | The Result |
|---|---|---|
| GET with Params | URL length limits (8KB) and logging risks. | Broken links and leaked PII in logs. |
| POST for Search | Not safe, not idempotent, not cacheable. | Double-submissions and high server load. |
RFC 10008, published in June 2026, fills this gap. It provides a semantic home for operations like "find all orders where amount > 1000 and status is pending" without hitting the limits of GET or the risks of POST.
How to use the QUERY method in 2026
Implementing QUERY requires a few specific headers and behaviors to comply with the new standard.
1. The Request Structure
A QUERY request must include a Content-Type header to describe the query format.
```http
QUERY /api/v1/orders HTTP/1.1
Host: api.shaam.blog
Content-Type: application/json
Accept: application/json

{
  "filters": {
    "status": "shipped",
    "min_value": 500
  },
  "sort": "-created_at"
}
```
2. Discovering Support
Clients can use the OPTIONS method to check if a server supports QUERY. The server should respond with the Accept-Query header listing supported media types.
```http
OPTIONS /api/v1/orders HTTP/1.1
Host: api.shaam.blog

HTTP/1.1 204 No Content
Allow: GET, POST, QUERY, OPTIONS
Accept-Query: application/json, application/sql
```
3. Caching Semantics
Because QUERY is safe and idempotent, responses are cacheable. However, the cache key must include the request body hash in addition to the URL. This is a major shift for CDN providers like Cloudflare and Akamai, who are rolling out native RFC 10008 support throughout 2026.
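The body-aware cache key described above, as an added example (not code from RFC 10008 or from any CDN). It compares the key against a URL-only key, under which two different queries to the same endpoint would share one cache entry. The function names, the `https` scheme, the sample bodies and the JSON normalization policy (sorted keys, compact separators) are assumptions of this example.

```python
import hashlib
import json


def _media_type(content_type: str) -> str:
    return content_type.split(";", 1)[0].strip().lower()


def _normalize_body(content_type: str, body: bytes) -> bytes:
    """Canonicalize JSON so equivalent queries share one entry (assumed policy)."""
    if _media_type(content_type) != "application/json":
        return body  # other query formats are hashed byte-for-byte
    try:
        parsed = json.loads(body)
    except (ValueError, RecursionError):
        return body  # malformed or hostile JSON: key on the raw bytes
    return json.dumps(parsed, sort_keys=True, separators=(",", ":")).encode()


def query_cache_key(url: str, content_type: str, body: bytes) -> str:
    """Cache key for a QUERY request: URL, query media type and body hash."""
    digest = hashlib.sha256()
    parts = (b"QUERY", url.encode(), _media_type(content_type).encode(),
             _normalize_body(content_type, body))
    for part in parts:
        # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
        digest.update(len(part).to_bytes(8, "big"))
        digest.update(part)
    return digest.hexdigest()


def url_only_key(url: str) -> str:
    """GET-style key that ignores the body; wrong for QUERY, for comparison."""
    return hashlib.sha256(b"QUERY " + url.encode()).hexdigest()


# Constructed sample requests for the endpoint used in the examples above.
URL = "https://api.shaam.blog/api/v1/orders"  # scheme is an assumption
SHIPPED = b'{"filters": {"status": "shipped", "min_value": 500}, "sort": "-created_at"}'
REORDERED = b'{"sort":"-created_at","filters":{"min_value":500,"status":"shipped"}}'
PENDING = b'{"filters": {"status": "pending", "min_value": 500}, "sort": "-created_at"}'

if __name__ == "__main__":
    cache = {url_only_key(URL): "shipped orders"}  # first client fills the cache
    print("URL-only key serves:", cache.get(url_only_key(URL)), "to the pending query")
    for name, body in (("shipped", SHIPPED), ("reordered", REORDERED), ("pending", PENDING)):
        print(name, query_cache_key(URL, "application/json", body)[:16])
```

A production cache still has to honour `Vary` and `Cache-Control` on the response; this key only replaces the URL component of the lookup.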
What this means for you
If you are building AI-native applications or complex dashboards, QUERY is your new best friend. It allows you to:
- Send Vector Search Payloads: No more encoding 1536-dimension embeddings into a URL.
- Run SQL-over-HTTP: Services like Neon and PlanetScale are already adopting QUERY for their HTTP-based drivers.
- Improve Reliability: Because QUERY is idempotent, your frontend can automatically retry failed searches without worrying about duplicating state.
FAQ
Q: Is QUERY just a POST with a different name?
A: No. While they both have bodies, QUERY is semantically safe and idempotent. This tells proxies, CDNs, and browsers that it is safe to cache and retry, which POST does not allow.
Q: Can I use QUERY in the browser today?
A: As of mid-2026, major browsers (Chrome 148+, Firefox 140+) have added native fetch() support for QUERY. For older clients, developers are using the X-HTTP-Method-Override: QUERY header with a POST request as a bridge.
Q: Does QUERY replace GraphQL?
A: Not directly. GraphQL is a query language; QUERY is a transport method. You can (and should) send your GraphQL operations over the QUERY method instead of POST to gain caching benefits.
Q: Should I move all my GET requests to QUERY?
A: No. If your query is simple and fits in a URL, GET is still superior for its ease of sharing and zero-body overhead. Use QUERY for complex filters that would otherwise break GET.