Should I use GET or POST for retrieving sensitive data, given that:
You should use GET for retrieving information from the server.
Auditing and logging would not be considered side-effects since they are transparent to the client.
Securing the response data can be done using SSL and "Cache-control: no-store". Once the sensitive data gets to the client, there's no way to stop them from doing whatever they want with it.
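The two server-side controls the question mentions, HTTPS and "Cache-Control: no-store", as a minimal endpoint. This is an added example, not code from the original question: the endpoint path, the record it returns, and the pure `build_response` helper (kept separate from the handler so it can be exercised without a socket) are assumptions for illustration. It serves the sensitive record only on GET over a TLS connection, and marks every response it produces as not storable so no browser or intermediary cache keeps a copy.

```python
# Added example (not from the original question): an HTTPS-only GET endpoint
# for sensitive data that marks its responses as non-cacheable.
# The path and payload below are assumptions made for illustration.
import json
import ssl
from http.server import BaseHTTPRequestHandler, HTTPServer

SENSITIVE_PATH = "/account/balance"        # assumed resource name
RECORD = {"account": "12345", "balance": "1024.50"}  # constructed sample data


def sensitive_response_headers() -> dict:
    """Headers that keep the body out of browser and intermediary caches."""
    return {
        "Content-Type": "application/json; charset=utf-8",
        "Cache-Control": "no-store",  # HTTP/1.1: do not store the response anywhere
        "Pragma": "no-cache",         # for HTTP/1.0 caches that ignore Cache-Control
        "Expires": "0",               # belt and braces for very old clients
    }


def build_response(method: str, path: str, scheme: str):
    """Decide the response for one request.

    Returns (status, headers, body). Pure so it can be tested without a server.
    Every branch carries no-store: error bodies are short-lived too.
    """
    if scheme != "https":
        # Refuse to hand out the data in the clear; a redirect would also work.
        return 403, sensitive_response_headers(), b'{"error":"https required"}'
    if path != SENSITIVE_PATH:
        return 404, sensitive_response_headers(), b'{"error":"not found"}'
    if method != "GET":
        # Retrieval is a safe, idempotent operation, so GET is the right verb.
        headers = sensitive_response_headers()
        headers["Allow"] = "GET"
        return 405, headers, b'{"error":"method not allowed"}'
    body = json.dumps(RECORD).encode("utf-8")
    return 200, sensitive_response_headers(), body


class SensitiveHandler(BaseHTTPRequestHandler):
    """Routes GET and POST through build_response; scheme comes from the socket."""

    def _scheme(self) -> str:
        return "https" if isinstance(self.connection, ssl.SSLSocket) else "http"

    def _serve(self, method: str) -> None:
        status, headers, body = build_response(method, self.path, self._scheme())
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self) -> None:
        self._serve("GET")

    def do_POST(self) -> None:
        self._serve("POST")


if __name__ == "__main__":
    # Plain-HTTP listener for local inspection: every request gets 403 because
    # the socket is not TLS. Wrap server.socket with an ssl.SSLContext that has
    # a real certificate to see the 200 path.
    server = HTTPServer(("127.0.0.1", 8443), SensitiveHandler)
    print("listening on http://127.0.0.1:8443 (TLS not configured, expect 403)")
    server.serve_forever()
```

The handler decides "https" from the socket type rather than from a request header, so a client cannot claim TLS it does not have; behind a TLS-terminating proxy you would instead check a forwarded-proto header that only the proxy can set.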