Skip to content

HTTP QUERY Method Adoption

RFC 10008 was published in June 2026. The spec exists. The question now is: where can you actually use QUERY today without something breaking along the way?

Short answer: it depends on how many intermediaries sit between your client and your server. The method itself works in more places than most people assume — the problem is the components in the middle that nobody updates.

“The problem with the internet is that there always will be components that are not going to get updated” — u/good_live, Reddit (130 upvotes)

This page documents the real state of support, no hype.


Technology Status Notes How to use
Go (net/http) ✅ Works Go 1.22+ accepts any method in ServeMux and http.NewRequest mux.HandleFunc("QUERY /path", handler)
Node.js (core) ✅ Works Native support added (issue #51562) — llhttp accepts QUERY http.request({ method: 'QUERY', ... })
Fastify ✅ Via config Not in default method list; requires registration with addHttpMethod fastify.addHttpMethod('QUERY'); fastify.route({ method: 'QUERY', ... })
Express.js ⚠️ Middleware Express doesn’t block unknown methods, but has no native helper app.all('/path', (req, res) => { if (req.method === 'QUERY') ... })
NestJS ⚠️ Workaround Depends on HTTP adapter (Express/Fastify). No @Query() route decorator Custom decorator or middleware
Python (httpx) ✅ Works httpx.request() accepts any string as method httpx.request('QUERY', url, content=body)
Python (requests) ✅ Works requests.request() accepts arbitrary methods requests.request('QUERY', url, data=body)
Python (Flask) ⚠️ Config Must declare method explicitly on the route @app.route('/path', methods=['QUERY'])
Python (Django) ⚠️ Workaround Class-based views need custom dispatch() Override dispatch or use middleware
Ruby on Rails ⏳ Proposal open Active proposal to add query routing helper Waiting for merge; today works via match via: :query
Spring Boot (Java) ⚠️ Workaround @RequestMapping has no RequestMethod.QUERY; needs extension No @QueryMapping — requires custom filter or HandlerMapping
ASP.NET Core ⚠️ Workaround No [HttpQuery] attribute; can use [AcceptVerbs("QUERY")] [AcceptVerbs("QUERY")] on controller action
PHP (native) ✅ Works $_SERVER['REQUEST_METHOD'] reports whatever method the web server forwards Works if the web server passes the request through
Rust (Actix Web) ⚠️ Macro Requires .route() with custom guard web::route().guard(guard::Method(Method::from_str("QUERY")))
Rust (Hyper) ✅ Works http::Method accepts arbitrary extensions Method::from_bytes(b"QUERY")
Technology Status Notes How to use
Nginx ⚠️ Passes through Nginx forwards unknown methods to upstream without rejecting, but doesn’t optimize (no method-based caching). Extra module needed for caching proxy_pass works. Cache: configure proxy_cache_methods manually
Caddy ⚠️ Passes through Similar to Nginx — forwards without blocking, no explicit QUERY cache support reverse_proxy works natively
Apache httpd ⚠️ Config mod_proxy forwards, but Limit/LimitExcept may block if configured restrictively Remove LimitExcept restrictions if present
HAProxy ⚠️ Depends Current versions forward unknown methods by default. ACLs with method can filter acl is_query method QUERY works for routing
Envoy ⚠️ Passes through Doesn’t block unknown methods, but doesn’t apply safe/idempotent logic Works as transparent proxy
Traefik ⚠️ Passes through Forwards without intervention; no special QUERY rules Works as transparent proxy
Technology Status Notes How to use
Cloudflare Workers ✅ Works request.method returns any method; no blocklist if (request.method === 'QUERY') { ... }
Cloudflare CDN (cache) ⏳ No cache CDN doesn’t auto-cache responses to non-standard methods Workers + Cache API for manual control
AWS CloudFront ❌ May reject CloudFront has a method allowlist (GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE). QUERY is not on it Not supported without custom origin passthrough
AWS ALB ⚠️ Uncertain ALB may return 405 for unrecognized methods depending on configuration Test first; may need NLB instead of ALB
Fastly ⚠️ VCL config Arbitrary method support via VCL, but no default caching Custom VCL: if (req.method == "QUERY") { ... }
Vercel Edge ✅ Works Workers-based — accepts any method request.method === 'QUERY'
Akamai ⏳ Waiting RFC co-author (Mark Bishop) is from Akamai. Native support expected Monitor announcements
Technology Status Notes How to use
fetch API (all browsers) ✅ Works fetch() accepts any string in method fetch(url, { method: 'QUERY', body: ... })
XMLHttpRequest ✅ Works .open() accepts arbitrary methods xhr.open('QUERY', url)
curl ✅ Works -X QUERY works. Daniel Stenberg (curl author) is already discussing native support with -d + QUERY curl -X QUERY -d '{"filter":"value"}' url
HTTPie ✅ Works Accepts arbitrary methods http QUERY url field=value
Postman ✅ Works Method field accepts free text Type “QUERY” in the method dropdown
Insomnia ✅ Works Same as Postman Edit method manually
Technology Status Notes How to use
OpenAPI/Swagger ⏳ No support OpenAPI 3.1 spec doesn’t list QUERY as a valid operation Waiting for spec update
gRPC-Web ❌ N/A Uses POST exclusively
GraphQL (transport) ⏳ Possible Would be the ideal transport for GraphQL query operations, but clients use POST/GET Waiting for client adoption
Kong Gateway ⚠️ Plugin Rate-limit and auth plugins may not recognize QUERY as “safe” Configure plugins to accept QUERY
API Gateways (generic) ⚠️ Variable Most block or ignore methods outside the standard list Test individually

QUERY works end-to-end when every component between client and server accepts the method. In practice, several intermediaries can cause problems:

Corporate firewalls and Web Application Firewalls often maintain an allowlist of HTTP methods. QUERY is not on that list. Result: 403 Forbidden or 405 Method Not Allowed silently.

AWS ALB and Classic ELB return 405 for methods outside the standard list. If you’re on AWS, consider Network Load Balancer (NLB) which operates at layer 4 and doesn’t inspect the HTTP method.

CloudFront explicitly lists which methods it accepts. If your CDN doesn’t recognize QUERY, the request never reaches your origin.

In enterprise environments, HTTP proxies (Squid, Blue Coat, Zscaler) may reject unknown methods. Anything sitting between the browser and your server is a potential failure point.

Spring Boot, Django, Rails — opinionated frameworks often have a closed list of accepted methods. If you don’t configure explicitly, the framework returns 405 before the request reaches your handler.

Kong, AWS API Gateway, Apigee — most validate the HTTP method before routing. An unconfigured QUERY simply disappears.

Tools like Datadog, New Relic, and Splunk may categorize QUERY as “unknown” or ignore metrics. Dashboards break silently.

If you control the entire stack (client → server, no third-party intermediaries), you can use QUERY today. If there’s any component you don’t control in the path, test before assuming it works.


The community is right to be skeptical about adoption speed. Let’s look at historical precedent:

Milestone Date
First draft published 2003
RFC published March 2010
Rails support ~2012
Django REST Framework support ~2013
Spring support ~2013
Widespread use in APIs ~2015–2016
Universal support (CDNs, gateways, tools) ~2018–2020

From RFC to widespread use: ~5–6 years. From RFC to universal support: ~8–10 years.

Phase Estimate
RFC published June 2026 ✅
Major frameworks add native support 2027–2028
CDNs and load balancers recognize natively 2028–2030
OpenAPI includes in spec 2027–2028
Widespread use in public APIs 2030–2032
“Works everywhere without thinking” 2033–2036
  • RFC authors are from Cloudflare and Akamai — two of the world’s largest CDNs. Direct incentive for native support.
  • Node.js already had support before the final RFC.
  • fetch() in browsers already works — no browser update needed.
  • GraphQL and complex APIs create immediate demand.
  • PATCH didn’t need special CDN support (not cacheable by default). QUERY does — and caching with a body is complex.
  • Legacy intermediaries (Squid, corporate proxies) won’t update.
  • Organizational inertia: if POST /search works, why change?

Expect 3–5 years to use QUERY in public APIs without worry. For internal APIs where you control the stack, you can start today.


  1. Open issues on the frameworks you use requesting native QUERY support
  2. Test with your stack and document what works and what doesn’t
  3. Implement in internal APIs to gain real-world experience
  4. Contribute PRs to add support in open source projects
  5. Report blockers in CDNs and gateways so vendors know demand exists

Last updated: July 2026. This page is updated periodically as the ecosystem evolves. If you found outdated information or tested a technology not listed here, open an issue or contribute directly.

Legend: ✅ Works natively | ⚠️ Works with configuration/workaround | ⏳ Support expected/in progress | ❌ Doesn’t work / blocks