A GET should never change data on the server- use a POST request for that
I heard this recommendation countless times over the internet and always try my best to conform. But how should I implement UTM tracking, while staying compliant to this requirement at the same time? For example, http://example.com/?utm=r3ct59
by appending utm
url parameter to URL, I want to track from where my users are coming from. Shouldn't I update database when client sends GET request to this url? What are alternatives?
Best Answer
The key thing is that a GET request should never change the application state from the perspective of the end user - however it can make changes on the backend that are not visible to the user. RFC7231 discusses what the restrictions on GET (and other "safe" methods) are:
Just like every GET request made to you site will result in an entry being written to your log files, it's also perfectly acceptable for you to write an entry to your database for specific GET requests. However, in doing this, you might run into some unexpected requests being made with the UTM tags, such as:
This could result in duplicate or spurious entries in your tracking database, and then are your problem to deal with, not the fault of your users.