A GET request must put all query parameters directly in the URL, which Internet Service Providers log and harvest for ad targeting.
Why don't large search providers convert homepage search requests into POST requests to prevent URL snooping?
Two reasons:
Anybody who can read the target URI of a request can also read the message-body. Metadata and payload are all part of the same message.
Caching; all of the semantics of HTTP are described by the metadata, so that general purpose components can contribute to protocols without needing to understand the payload.
What REST does is concentrate that need for prior knowledge into readily standardizable forms. -- Fielding, 2008
In HTTP, one of those forms of prior knowledge that is shared by all general purpose components is that the target-uri can be used as the cache key for representations.
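Both reasons from the answer above, as an added sketch that is not part of the original post: the search terms travel in the same message whether they sit in the request line or the body, and a cache that keys only on the target URI can reuse a GET response but has to forward every POST. The host, path, query and all function and class names are constructed for the illustration, and the TLS handling is a simplified model.

```python
from urllib.parse import urlencode

# Constructed sample: host, path and query are illustrative only.
HOST, PATH, PARAMS = "search.example.test", "/search", {"q": "http caching"}

def serialize(method):
    """Build the HTTP/1.1 request bytes for the sample search."""
    query = urlencode(PARAMS)
    if method == "GET":
        return f"GET {PATH}?{query} HTTP/1.1\r\nHost: {HOST}\r\n\r\n".encode()
    head = (f"POST {PATH} HTTP/1.1\r\nHost: {HOST}\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(query)}\r\n\r\n")
    return (head + query).encode()

def observer_view(message, tls):
    """Simplified model: TLS encrypts the whole message (request line,
    headers and body alike); without TLS every byte is readable."""
    return b"" if tls else message

class UriKeyedCache:
    """General-purpose cache: keys on the target URI, never parses a body."""
    def __init__(self, origin):
        self.origin, self.store, self.origin_calls = origin, {}, 0

    def fetch(self, method, target_uri, body=b""):
        if method == "GET" and target_uri in self.store:
            return self.store[target_uri]          # served without the origin
        self.origin_calls += 1
        response = self.origin(method, target_uri, body)
        if method == "GET":                        # POST responses are not reused here
            self.store[target_uri] = response
        return response

def origin(method, target_uri, body):
    # Constructed stand-in for the search backend.
    terms = body.decode() if method == "POST" else target_uri.partition("?")[2]
    return f"results for {terms}"

def demo():
    needle = urlencode(PARAMS).encode()
    # Can an on-path observer find the search terms in what it sees?
    seen = {(m, tls): needle in observer_view(serialize(m), tls)
            for m in ("GET", "POST") for tls in (False, True)}
    cache = UriKeyedCache(origin)
    for _ in range(3):
        cache.fetch("GET", f"{PATH}?{urlencode(PARAMS)}")
    get_calls = cache.origin_calls
    for _ in range(3):
        cache.fetch("POST", PATH, needle)
    return seen, get_calls, cache.origin_calls - get_calls
```

`demo()` returns the observer's view for each method with and without TLS, followed by how many of three identical GET and three identical POST searches reached the origin.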