Should I use GET or POST when requesting sensitive data?

Question

Should I use GET or POST for retrieving sensitive data, given that:

• The response will contain sensitive data.
• There are side-eff

Answer 1

In addition to Cássio Mazzochi Molin's excellent answer, you should use HTTPS but you should (generally) use:

• GET for retrieving sensitive data.
• POST for sending sensitive data.

The reason to use GET when retrieving is that the action does not have side-effects, therefore there is no reason to use POST. The only previously applicable reason to use POST was when retrieving JSON via AJAX, because old browsers had bugs meaning that another domain that the user had open in their browser could steal the data from the JSON using a