Maximum length of HTTP GET request

Asked 17/4, 2010 at 20:32 Answered 24/5, 2018 at 13:5

591

What's the maximum length of an HTTP GET request?

Is there a response error defined that the server can/should return if it receives a GET request that exceeds this length?

This is in the context of a web service API, although it's interesting to see the browser limits as well.

Counterbalance answered 17/4, 2010 at 20:32 Comment(4)

possible duplicate of What is the maximum length of a URL? – Prolate 25/12, 2012 at 10:9

@Prolate It has absolutely nothing whatsoever to do with the maximum length of a URL. The question is about the maximum length of a request that is sent to a URL. – Dulci 26/3, 2015 at 9:15

@EJP the 'data' contents of a GET is not more then a URI. – Prolate 26/3, 2015 at 14:45

@JimAho your comment is a duplicate of the first comment too..... – Phail 28/5, 2018 at 17:22

546

The limit is dependent on both the server and the client used (and if applicable, also the proxy the server or the client is using).

Most servers and clients have a limit of 8192 bytes (8 KB), which is usually configurable somewhere in the server or client settings. The HTTP specification recommends 8000 octets in section 4.1:

It is RECOMMENDED that all senders and recipients support, at a minimum, URIs with lengths of 8000 octets in protocol elements. Note that this implies some structures and on-wire representations (for example, the request line in HTTP/1.1) will necessarily be larger in some cases.

But this is thus not required. The limit is generally lower in older clients. For example Internet Explorer had a limit of about 2 KB. The previous version of the HTTP specification even literally states the following:

Note: servers ought to be cautious about depending on URI lengths above 255 bytes, because some older client or proxy implementations might not properly support these lengths.

If the limit is exceeded in either the browser or the server, most will just truncate the characters outside the limit without any warning. Some servers however may send an HTTP 414 'URI Too Long' error.

If you need to send large data, then better use POST instead of GET. Its limit is much higher, but more dependent on the server used than the client. Usually up to around 4 GB is allowed by the average web server. This is also configurable somewhere in the server settings. The average server will display a server-specific error/exception when the POST limit is exceeded, usually as an HTTP 500 error.

Rijeka answered 17/4, 2010 at 20:44 Comment(11)

You answer the question in terms of browser limitations. Do you know if there are any differences between GET and POST (in terms of problematic request size) if, say, HttpClient is used to interact with a REST server? – Hovis 12/2, 2013 at 21:50

Sure, POST use the body to send the data. The HTTP specification doesn't impose a specific size limit for posts. – Learning 17/7, 2013 at 13:45

It's perfectly allowed by the Http specs to put a body in GET and DELETE requests. I've tested it in Java, and it works. Unfortunately here again some proxys could cut the full body. – After 11/4, 2014 at 21:6

Get and Post method has a very specific meaning, so using a POST to perform a GET is the same as using as using a hammer to break an egg. – Monde 8/5, 2015 at 15:17

I've also received a 413 response for this (from Solr), even though it really should have been a 414 according to the spec. – Gaut 29/7, 2015 at 22:27

@Monde That's idealistically true, but GET also has limitations that POST/PUT do not. For example, suppose you want to perform a very long query involving a bunch of ids; if you're selecting on hundreds of ids, that can breach the limit of the allowable URL size, whereas putting that query in a POST can avoid that, even if it doesn't make as much sense conceptually. Personally, I wish HTTP allowed GET requests to have bodies just like PUT and POST. – Gaut 29/7, 2015 at 22:37

Why is PUT not suggested as an alternative solution? It is idempotent, just like GET, so is that not actually more suitable than using POST? – Saccharin 3/2, 2017 at 20:3

Some REST API's like to stick to the standard correct method when interacting with data. using POST on a route where you recieve ( GET ) something can be misleading. However, i do see the need for using the body to send lengthy data, where in GET the URL can only hold so much as explained in this answer. – Nagaland 23/5, 2019 at 1:35

Some REST APIs do not allow you to request data at all with anything other than GET (which is how it should be). There is no choice of a POST request in these cases. – Faker 19/2, 2020 at 17:14

whats the usual max in 2022? – Throw 28/5, 2022 at 6:35

@Hovis so, I just fixed a bug in an Angular website where we were passing a fairly large (but not HUUUGE) string as a parameter in the URI for a POST. It was producing intermittent issues that were being incorrectly reported in the browser console as CORS issues. Anyhow, changing that parameter to be included in a [FromBody] object fixed it, no issues at all. Js – Peart 24/6, 2022 at 22:21

159

You are asking two separate questions here:

What's the maximum length of an HTTP GET request?

As already mentioned, HTTP itself doesn't impose any hard-coded limit on request length; but browsers have limits ranging on the 2 KB - 8 KB (255 bytes if we count very old browsers).

Is there a response error defined that the server can/should return if it receives a GET request exceeds this length?

That's the one nobody has answered.

HTTP 1.1 defines status code 414 Request-URI Too Long for the cases where a server-defined limit is reached. You can see further details on RFC 2616.

For the case of client-defined limits, there isn't any sense on the server returning something, because the server won't receive the request at all.

Schmaltz answered 17/4, 2010 at 20:55 Comment(0)

Browser limits are:

Browser           Address bar    document.location
                                 or anchor tag
---------------------------------------------------
Chrome                32779           >64k
Android                8192           >64k
Firefox                >64k           >64k
Safari                 >64k           >64k
Internet Explorer 11   2047           5120
Edge 16                2047          10240

Want more? See this question on Stack Overflow.

Phonoscope answered 24/5, 2018 at 13:5 Comment(0)

A similar question is here: Is there a limit to the length of a GET request?

I've hit the limit and on my shared hosting account, but the browser returned a blank page before it got to the server I think.

Madonia answered 17/4, 2010 at 20:33 Comment(0)

Technically, I have seen HTTP GET will have issues if the URL length goes beyond 2000 characters. In that case, it's better to use HTTP POST or split the URL.

Ernestinaernestine answered 25/6, 2013 at 19:39 Comment(0)

As already mentioned, HTTP itself doesn't impose any hard-coded limit on request length; but browsers have limits ranging on the 2048 character allowed in the GET method.

Elburt answered 8/7, 2016 at 13:41 Comment(0)

-7

Yes. There isn't any limit on a GET request.

I am able to send ~4000 characters as part of the query string using both the Chrome browser and curl command.

I am using Tomcat 8.x server which has returned the expected 200 OK response.

Here is the screenshot of a Google Chrome HTTP request (hiding the endpoint I tried due to security reasons):

RESPONSE

Lavoie answered 3/9, 2017 at 16:11 Comment(0)

Recommended topics

Hot tags