🧠 First: What is an immutable HTTP method?
In HTTP, a method is considered immutable (or safe) if:
- It does NOT change anything on the server.
- It’s supposed to be read-only (just retrieves data).
✅ Examples of immutable (safe) methods:
| Method | Safe? | What it does |
|---|---|---|
GET | ✅ Yes | Retrieves a resource (no changes) |
HEAD | ✅ Yes | Same as GET but no response body |
OPTIONS | ✅ Yes | Asks what methods are supported |
TRACE | ✅ Yes | Echoes the request for diagnostics |
🎯 Now, answering your question:
Which HTTP method is not immutable?
👉 POST is not immutable!
✅ POST is intended to:
- Create new resources
- Modify server-side data
- Submit forms
- Trigger side-effects (e.g., send email, update a database)
Thus, POST changes server state —
→ so it’s not immutable (not safe).
🚀 Other HTTP methods that are also not immutable:
| Method | Mutability | Purpose |
|---|---|---|
POST | Mutable | Create or process a resource |
PUT | Mutable | Replace a resource |
DELETE | Mutable | Remove a resource |
PATCH | Mutable | Partially update a resource |
All of these modify the server somehow.
🛠️ Quick Summary:
| HTTP Method | Immutable (Safe)? |
|---|---|
GET | ✅ Yes |
HEAD | ✅ Yes |
OPTIONS | ✅ Yes |
TRACE | ✅ Yes |
POST | ❌ No |
PUT | ❌ No |
DELETE | ❌ No |
PATCH | ❌ No |
⚡ Very simple memory trick:
| If the method | Then |
|---|---|
| Only reads / asks | ✅ Immutable (safe) |
| Creates / updates / deletes | ❌ Not immutable (unsafe) |