diff --git a/src/usr/local/www/pkg.php b/src/usr/local/www/pkg.php
index 0c8ade54fd..307f18461b 100644
--- a/src/usr/local/www/pkg.php
+++ b/src/usr/local/www/pkg.php
@@ -94,13 +94,13 @@ $config_path = sprintf('installedpackages/%s/config', xml_safe_fieldname($pkg['n
 
 $evaledvar = config_get_path($config_path, []);
 
-if ($_REQUEST['act'] == "update") {
+if ($_POST['act'] == "update") {
 
-	if (is_array($config['installedpackages'][$pkg['name']]) && $pkg['name'] != "" && $_REQUEST['ids'] !="") {
+	if (is_array($config['installedpackages'][$pkg['name']]) && $pkg['name'] != "" && $_POST['ids'] !="") {
 		// get current values
 		$current_values=config_get_path("installedpackages/{$pkg['name']}/config");
 		// get updated ids
-		parse_str($_REQUEST['ids'], $update_list);
+		parse_str($_POST['ids'], $update_list);
 		// sort ids to know what to change
 		// useful to do not lose data when using sorting and paging
 		$sort_list=$update_list['ids'];
@@ -271,7 +271,7 @@ function save_changes_to_xml(xml) {
 	var strloading="<?=gettext('Saving changes...')?>";
 	if (confirm("<?=gettext("Confirmation Required to save changes.")?>")) {
 		$.ajax({
-			type: 'get',
+			type: 'post',
 			cache: false,
 			url: "<?=$_SERVER['SCRIPT_NAME']?>",
 			data: {xml:'<?=$xml?>', act:'update', ids: ids},
diff --git a/src/usr/local/www/services_captiveportal_vouchers.php b/src/usr/local/www/services_captiveportal_vouchers.php
index d7e19f9032390e846bfac3e04fecd44b728abdc9..f3cd69afc4e03a296510a42ac4be9d26186fd825 100644
--- a/src/usr/local/www/services_captiveportal_vouchers.php
+++ b/src/usr/local/www/services_captiveportal_vouchers.php
@@ -42,7 +42,7 @@ require_once("voucher.inc");
 
 $cpzone = strtolower(htmlspecialchars($_REQUEST['zone']));
 
-if ($_REQUEST['generatekey']) {
+if ($_POST['generatekey']) {
 	include_once("phpseclib/Math/BigInteger.php");
 	include_once("phpseclib/Crypt/Hash.php");
 	include_once("phpseclib/Crypt/RSA.php");
@@ -477,8 +477,11 @@ events.push(function() {
 	var generateButton = $('<a class="btn btn-xs btn-warning"><i class="fa fa-refresh icon-embed-btn"></i><?=gettext("Generate new keys");?></a>');
 	generateButton.on('click', function() {
 		$.ajax({
-			type: 'get',
-			url: 'services_captiveportal_vouchers.php?generatekey=true',
+			type: 'post',
+			url: 'services_captiveportal_vouchers.php',
+			data: {
+				generatekey:           true,
+			},
 			dataType: 'json',
 			success: function(data) {
 				$('#publickey').val(data.public.replace(/\\n/g, '\n'));
diff --git a/src/usr/local/www/status_graph.php b/src/usr/local/www/status_graph.php
index 9d07802d5d819495ad6cabadc460b6e2fbc4d3c3..94a9add695370ecd79d400f723e591aa57c12673 100644
--- a/src/usr/local/www/status_graph.php
+++ b/src/usr/local/www/status_graph.php
@@ -296,7 +296,7 @@ function updateBandwidth() {
 	$.ajax(
 		'/bandwidth_by_ip.php',
 		{
-			type: 'get',
+			type: 'post',
 			data: $(document.forms[0]).serialize(),
 			success: function (data) {
 				var hosts_split = data.split("|");
diff --git a/src/usr/local/www/status_openvpn.php b/src/usr/local/www/status_openvpn.php
index 70c6aa56f81951356c294b7260219efd33e34563..9ab159a807b3e443329d02b61e9dafca6ce922dc 100644
--- a/src/usr/local/www/status_openvpn.php
+++ b/src/usr/local/www/status_openvpn.php
@@ -38,11 +38,11 @@ require_once("shortcuts.inc");
 require_once("service-utils.inc");
 
 /* Handle AJAX */
-if ($_REQUEST['action']) {
-	if ($_REQUEST['action'] == "kill") {
-		$port  = $_REQUEST['port'];
-		$remipp  = $_REQUEST['remipp'];
-		$client_id  = $_REQUEST['client_id'];
+if ($_POST['action']) {
+	if ($_POST['action'] == "kill") {
+		$port  = $_POST['port'];
+		$remipp  = $_POST['remipp'];
+		$client_id  = $_POST['client_id'];
 		if (!empty($port) and !empty($remipp)) {
 			$retval = openvpn_kill_client($port, $remipp, $client_id);
 			echo htmlentities("|{$port}|{$remipp}|{$retval}|");
@@ -83,9 +83,17 @@ include("head.inc"); ?>
 		$('img[name="i:' + mport + ":" + remipp + '"]').each(busy);
 
 		$.ajax(
-			"<?=$_SERVER['SCRIPT_NAME'];?>" +
-				"?action=kill&port=" + mport + "&remipp=" + remipp + "&client_id=" + client_id,
-			{ type: "get", complete: killComplete }
+			"<?=$_SERVER['SCRIPT_NAME'];?>",
+			{
+				type: "post",
+				data: {
+					action:           "kill",
+					port:		  mport,
+					remipp:		  remipp,
+					client_id:	  client_id
+				},
+				complete: killComplete
+			}
 		);
 	}
 
diff --git a/src/usr/local/www/vpn_ipsec_phase1.php b/src/usr/local/www/vpn_ipsec_phase1.php
index 8d32f5e158c35530f27e3a467467bbdbf7b129a3..624fe9b0ec292a9c13d891be4966bd9c871b7bfb 100644
--- a/src/usr/local/www/vpn_ipsec_phase1.php
+++ b/src/usr/local/www/vpn_ipsec_phase1.php
@@ -40,7 +40,7 @@ require_once("ipsec.inc");
 require_once("vpn.inc");
 require_once("filter.inc");
 
-if ($_REQUEST['generatekey']) {
+if ($_POST['generatekey']) {
 	$keyoutput = "";
 	$keystatus = "";
 	exec("/bin/dd status=none if=/dev/random bs=4096 count=1 | /usr/bin/openssl sha224 | /usr/bin/cut -f2 -d' '", $keyoutput, $keystatus);
@@ -1479,8 +1479,11 @@ foreach($pconfig['encryption']['item'] as $key => $p1enc) {
 	var generateButton = $('<a class="btn btn-xs btn-warning"><i class="fa fa-refresh icon-embed-btn"></i><?=gettext("Generate new Pre-Shared Key");?></a>');
 	generateButton.on('click', function() {
 		$.ajax({
-			type: 'get',
-			url: 'vpn_ipsec_phase1.php?generatekey=true',
+			type: 'post',
+			url: 'vpn_ipsec_phase1.php',
+			data: {
+				generatekey:           true,
+			},
 			dataType: 'json',
 			success: function(data) {
 				$('#pskey').val(data.pskey.replace(/\\n/g, '\n'));
diff --git a/src/usr/local/www/widgets/widgets/gmirror_status.widget.php b/src/usr/local/www/widgets/widgets/gmirror_status.widget.php
index e80aceb3c9e2fb951e29d55054df0cefc55be31d..3e4def89f5591318865775708959c0a76d7951df 100644
--- a/src/usr/local/www/widgets/widgets/gmirror_status.widget.php
+++ b/src/usr/local/www/widgets/widgets/gmirror_status.widget.php
@@ -38,7 +38,7 @@ require_once("gmirror.inc");
 //<![CDATA[
 function gmirrorStatusUpdateFromServer() {
 	$.ajax({
-		type: 'get',
+		type: 'post',
 		url: '/widgets/widgets/gmirror_status.widget.php',
 		dataType: 'html',
 		dataFilter: function(raw){
diff --git a/src/usr/local/www/widgets/widgets/openvpn.widget.php b/src/usr/local/www/widgets/widgets/openvpn.widget.php
index 4ca055fa4987884656b977c52b9b96bc1e628da1..5cdc12cd7c12588decb13b1113853ebe10f380c6 100644
--- a/src/usr/local/www/widgets/widgets/openvpn.widget.php
+++ b/src/usr/local/www/widgets/widgets/openvpn.widget.php
@@ -283,11 +283,11 @@ if (!function_exists('printPanel')) {
 }
 
 /* Handle AJAX */
-if ($_GET['action']) {
-	if ($_GET['action'] == "kill") {
-		$port = $_GET['port'];
-		$remipp = $_GET['remipp'];
-		$client_id  = $_GET['client_id'];
+if ($_POST['action']) {
+	if ($_POST['action'] == "kill") {
+		$port = $_POST['port'];
+		$remipp = $_POST['remipp'];
+		$client_id  = $_POST['client_id'];
 		if (!empty($port) and !empty($remipp)) {
 			$retval = openvpn_kill_client($port, $remipp, $client_id);
 			echo htmlentities("|{$port}|{$remipp}|{$retval}|");
@@ -409,9 +409,17 @@ $widgetkey_nodash = str_replace("-", "", $widgetkey);
 	function killClient(mport, remipp, client_id) {
 
 		$.ajax(
-			"widgets/widgets/openvpn.widget.php" +
-				"?action=kill&port=" + mport + "&remipp=" + remipp + "&client_id=" + client_id,
-			{ type: "get", complete: killComplete }
+			"widgets/widgets/openvpn.widget.php",
+			{
+				type: "post",
+				data: {
+					action:           "kill",
+					port:             mport,
+					remipp:           remipp,
+					client_id:        client_id
+				},
+				complete: killComplete
+			}
 		);
 	}