Allow GET request but only in my domain?

栀梦 2021-01-21 23:58

On my site I can trigger certain things using a GET request, like the ability to hide or delete a comment. I am not very worried, but it would be pretty annoying if someone design a

4 answers
  •  死守一世寂寞
    2021-01-22 00:13

    Should I use POST instead? Would POST slow the site down? There are very few cookies, so a browser may submit cookies and POST with one packet; however, I don't know if POST and cookies must be separate.

    Yes, it is better to use POST in your case to lower the security risk. And don't favor speed over security; go with POST, and yes, POST and cookies won't clash with each other.

    In the end, I would suggest you go for HTML Purifier to make your URLs and forms safe.
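
As an added illustration (not part of the answer above and not the asker's code), this sketch shows one way a server could accept a hide/delete-comment request only when it is a POST from the site's own origin; it goes slightly beyond the thread by also requiring a per-session token. The host name `example.test`, the function names and the sample requests are assumptions constructed for this example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SITE_HOST = "example.test"  # assumption: the site's own host name


def new_csrf_token() -> str:
    """Random per-session token, kept server-side and embedded in each form."""
    return secrets.token_urlsafe(32)


def same_site(headers: dict) -> bool:
    """True only if Origin (or, failing that, Referer) names exactly our host."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # no provenance at all: refuse the state change
    # Exact host comparison, so "example.test.other.test" does not match.
    return urlsplit(source).hostname == SITE_HOST


def allow_state_change(method: str, headers: dict,
                       session_token: str, form_token: str) -> tuple[bool, str]:
    """Decide whether a hide/delete-comment request may run."""
    if method.upper() != "POST":
        return False, "state changes must use POST"
    if not same_site(headers):
        return False, "request did not originate from this site"
    sent = (form_token or "").encode()
    # Constant-time comparison of the session's token with the submitted one.
    if not session_token or not hmac.compare_digest(session_token.encode(), sent):
        return False, "missing or wrong CSRF token"
    return True, "ok"


if __name__ == "__main__":
    token = new_csrf_token()
    # Constructed sample requests: (method, headers, token sent with the form)
    samples = [
        ("GET", {"Referer": "https://example.test/post/1"}, token),
        ("POST", {"Origin": "https://other.test"}, token),
        ("POST", {"Origin": "https://example.test"}, "guessed"),
        ("POST", {"Origin": "https://example.test"}, token),
    ]
    for method, headers, sent in samples:
        print(method, headers, allow_state_change(method, headers, token, sent))
```

Only the last constructed request passes all three checks; the others are rejected with the reason for the first check that fails.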
