ToolBelt

HTTP Request Tester

Send any HTTP request and inspect the full response.

Open tool

Overview

The HTTP request tester sends an arbitrary request — any method, any URL, any combination of headers and body — through a server-side client and shows the full response, status line and all. Build a quick test without firing up Postman, share a one-off curl alternative with a teammate, or sanity-check an API endpoint from a sandboxed environment that has no shell.

Backend developers iterating on a new endpoint, integration engineers reproducing a customer's bug report, and support staff verifying webhook delivery all need a browser-based HTTP request tester. Long-tail keywords covered: send custom HTTP request online, test POST with JSON body, and inspect API response headers and body.

How it works

The form translates your inputs into a single outbound request. Method, URL, headers (any number), and body are sent through a shared HTTP client with a 10-second timeout, a fixed User-Agent, and URL safety checks that block private IP ranges. The response is fully buffered — status code, response headers, content-type-aware body rendering (pretty-printed JSON or XML, raw bytes for binary), and elapsed time.

Because the request originates from the server, not your browser, CORS does not apply and cookies are not attached. That is usually what you want when testing public APIs but it means authenticated endpoints requiring a browser session will not work directly — pass the token explicitly in an Authorization header instead.

Examples

  • GET https://api.github.com/users/octocat with Accept: application/json → returns the public profile JSON.
  • POST https://httpbin.org/post with Content-Type: application/json and body {"hello":"world"} → echoes the request back.
  • PUT https://api.example.com/items/42 with a custom auth header and a JSON body → exercises an idempotent update.
  • DELETE https://api.example.com/cache with no body → confirms an admin endpoint accepts the verb.

FAQ

Can I send credentials?

Yes — set the Authorization header explicitly, or attach a Cookie: header. Nothing is persisted between requests.

Why is private IP traffic blocked?

The outbound client guards against SSRF by refusing loopback, RFC 1918, and link-local addresses. If you need to test a private endpoint, run the request locally.

How big can the response body be?

The client buffers up to a few megabytes. Larger responses are truncated with a notice.

Are timeouts configurable?

A fixed 10-second timeout applies to keep the shared client predictable. Anything that needs longer is probably better tested with a local script.

Try HTTP Request Tester

An unhandled error has occurred. Reload ×