Following fields is included in the response:

• content_length: Length of the request body.
• env: Environment variables provided in the configuration.
• headers: Request headers.
• host: Host and port of the server.
• method: HTTP method of the request.
• url: Request URL.
• proto: HTTP protocol version.
• remote: Remote address of the client.
• env: Variables from the process environment that match the ENV_* prefix.
• tls: TLS details if the request was made over HTTPS.
  • alpn_negotiated_protocol: Application Layer Protocol Negotiation protocol.
  • cipher_suite: Cipher suite used in the connection.
  • peer_certificates: Peer certificates in PEM format if the client provided a certificate.
  • peer_certificates_decoded: Decoded peer certificate details if the client provided a certificate.
    • subject: Subject of the certificate.
    • issuer: Issuer of the certificate.
    • serial_number: Serial number of the certificate.
    • not_before: Not before date of the certificate.
    • not_after: Not after date of the certificate.
  • version: TLS version.
• query: Query parameters of the request if the URL contains a query string.
• form: Form parameters of the request body, if the content type is application/x-www-form-urlencoded.
• cookies: Cookies in the request if the request had a Cookie header.
• body: Request body.
• jwt: JWT claims if the request had JWT in the Authorization header.
  • header: JWT header.
  • claims: JWT claims.
    • If the claims field contains iat or exp claims, they are converted to human-readable format and added as iat_date and exp_date fields (these fields are added by the server and are not part of the original token).
• basic_auth: Basic authentication credentials if the request had Authorization header with Basic scheme.
  • username: Username.
  • password: Password.

$ http --cert testdata/certs/client.pem --cert-key testdata/certs/client-key.pem --verify testdata/certs/ca.pem https://localhost:8443/foobar

{
    "content_length": 0,
    "headers": {
        "Accept": [
            "*/*"
        ],
        "Accept-Encoding": [
            "gzip, deflate"
        ],
        "Connection": [
            "keep-alive"
        ],
        "User-Agent": [
            "HTTPie/3.2.4"
        ]
    },
    "host": "localhost:8443",
    "method": "GET",
    "proto": "HTTP/1.1",
    "remote": "[::1]:57961",
    "tls": {
        "alpn_negotiated_protocol": "http/1.1",
        "cipher_suite": "TLS_AES_128_GCM_SHA256",
        "peer_certificates": "-----BEGIN CERTIFICATE-----\nMIIBRTCB7aADAgECAggYXbRNl099CjAKBggqhkjOPQQDAjANMQswCQYDVQQDEwJj\nYTAeFw0yNTA4MjEwNjI3NTVaFw0yNjA4MjEwNjI3NTVaMBExDzANBgNVBAMTBmNs\naWVudDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPhO4qIu71Cm5Ox5U5Pb6Og2\n4EMh/lWU4+OGDBkHIRXtyKTZCXzH5a1vQ0TO1jq6sjShZR8ihDYXRuPfcNVefj6j\nMzAxMA4GA1UdDwEB/wQEAwIFoDAfBgNVHSMEGDAWgBQGgzaN2tRzErVZCEe7Ucju\nTY5XBzAKBggqhkjOPQQDAgNHADBEAiB+Oc4DPody43cZ0e+MY7F63DnIPM5xtgwR\nG6IYdhXiAwIgYxOlBxxupGDvvhXyS7IV8KadGD8LVm8G059OJC9vIG0=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIBUTCB+KADAgECAggYXbRNlzUisDAKBggqhkjOPQQDAjANMQswCQYDVQQDEwJj\nYTAeFw0yNTA4MjEwNjI3NTVaFw0yNjA4MjEwNjI3NTVaMA0xCzAJBgNVBAMTAmNh\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFWG+fC3bE4X0oOHIGbH0d1VY1vQc\nDeu/ey1+bCXTsyFLld8rwk5KDjPGI+QGlL5lnEVYWZUQ8QQLYQLhK//uKKNCMEAw\nDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAaDNo3a\n1HMStVkIR7tRyO5NjlcHMAoGCCqGSM49BAMCA0gAMEUCIAJLtjBdGvDYO18xZ2wI\nJYyzoxN8K4I5VodVwuF/4J5cAiEAmMeY8VbFFKBRLJhnd2wPHaK3pbbMozJ99nSC\nI2xUCvs=\n-----END CERTIFICATE-----\n",
        "peer_certificates_decoded": [
            {
                "issuer": "CN=ca",
                "not_after": "2026-08-21T06:27:55Z",
                "not_before": "2025-08-21T06:27:55Z",
                "serial_number": "1755757675088411914",
                "subject": "CN=client"
            },
            {
                "issuer": "CN=ca",
                "not_after": "2026-08-21T06:27:55Z",
                "not_before": "2025-08-21T06:27:55Z",
                "serial_number": "1755757675086684848",
                "subject": "CN=ca"
            }
        ],
        "version": "TLS 1.3"
    },
    "url": "/foobar"
}

By default, this endpoint returns an HTTP 200 OK status code. You can modify the status code using the set query parameter. The server will persist the updated status code, and subsequent requests to /status will return the new status code until it is changed again.

code is the HTTP status code set by the set query parameter or 200 OK by default. Body contains the request details in JSON format as described in the /* endpoint.

$ http GET http://localhost:8080/status

HTTP/1.1 200 OK
Content-Length: 0
Date: Fri, 29 Nov 2024 06:24:46 GMT

... Request details in JSON format ...

$ http GET http://localhost:8080/status?set=503

HTTP/1.1 503 Service Unavailable
Content-Length: 0
Date: Sun, 19 Oct 2025 18:05:20 GMT

... Request details in JSON format ...

code is the HTTP status code specified in the URL path. Body contains the request details in JSON format as described in the /* endpoint.

Optionally, you can include additional HTTP headers in the response by providing a JSON object in the body or using a query string.

$ http POST http://localhost:8080/status/301 Location=http://localhost/bar

Body of the request

{
  "Location": "http://localhost/bar"
}

Response:

HTTP/1.1 301 Moved Permanently
Content-Length: 0
Date: Fri, 29 Nov 2024 06:10:25 GMT
Location: http://localhost/bar

... Request details in JSON format ...

$ http "http://localhost:8080/status/200?Set-Cookie=foo%3Dbar&Set-Cookie=hello%3Dworld"

Response:

HTTP/1.1 200 OK
Content-Length: 0
Date: Sun, 15 Dec 2024 12:00:06 GMT
Set-Cookie: foo=bar
Set-Cookie: hello=world

... Request details in JSON format ...

Server will respond with Content-Type: text/event-stream with the following content:

$ http http://localhost:8080/sse

HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: keep-alive
Content-Type: text/event-stream
Date: Wed, 19 Feb 2025 10:10:15 GMT
Transfer-Encoding: chunked

data: { "counter": "1", "timestamp": "2025-02-19T12:10:15+02:00" }

data: { "counter": "2", "timestamp": "2025-02-19T12:10:16+02:00" }
...

Accepts POST requests with bodies of any size. Responds with the total number of bytes received, rather than request details.

Following fields is included in the response:

• bytes_uploaded: Length of the request body.

$ dd if=/dev/zero bs=10M count=1 | http POST http://localhost:8080/upload

HTTP/1.1 200 OK
content-length: 26
content-type: application/json
date: Thu, 21 Aug 2025 12:27:06 GMT
server: envoy
x-envoy-upstream-service-time: 0

{
    "bytes_uploaded": 1048576
}

To upload a file, while throttling the upload speed to 1MB/s at the server side:

$ dd if=/dev/zero bs=10M count=1 | http http://localhost:8080/upload?throttle=1M

Accepts GET requests and responds with a binary stream of bytes. The number of bytes can be specified with the bytes query parameter. The default size for the download is 1MB. The response body consists of a sequence of bytes from 1 to 256.

Download the default 1MB file:

$ http --download http://localhost:8080/download --output download.bin

Response headers:

HTTP/1.1 200 OK
content-length: 1048576
content-type: application/octet-stream
date: Thu, 21 Aug 2025 16:37:15 GMT
server: envoy
x-envoy-upstream-service-time: 0

Download a 10-byte file:

$ http --download http://localhost:8080/download?bytes=10 --output download.bin

Download a 10MB file while throttling the upload speed to 1MB/s at the server side:

$ http --download http://localhost:8080/download?bytes=10M\&throttle=1M --output download.bin

This endpoint provides Prometheus-compatible metrics for monitoring the server.

$ http GET http://localhost:8080/metrics

# HELP http_requests_total Total number of HTTP requests received.
# TYPE http_requests_total counter
http_requests_total{method="GET",status_code="200"} 5
...

See metrics.go for details about the available metrics.

A JavaScript application that enables users to make HTTP requests towards the echoserver using different methods and view the responses.

An HTML form that enables data submission using both POST and GET methods towards the echoserver.

OAuth2-aware JavaScript application that implements the Authorization Code flow. It allows users to interactively trigger login/refresh/logout and to make authenticated requests towards the echoserver and view the responses.

A JavaScript application that uses the Keycloak-js JavaScript adapter to authenticate users.

A JavaScript application that makes Server-Sent Events (SSE) or WebSocket connection towards the echoserver and displays the responses.