Read the Blog
Become an HTTP & debugging expert by subscribing to receive new posts like these emailed straight to your inbox:
Working with the new Idempotency Keys RFC
A brief introduction to OpenAPI
6 ways to debug an exploding Docker container
New ways to inject system CA certificates in Android 14
Android 14 blocks modification of system certificates, even as root
Apple already shipped attestation on the web, and we barely noticed
Leaking secrets through caching with Bunny CDN
Automatic npm publishing, with GitHub Actions & npm granular tokens
Dodge the next Dockerpocalypse: how to own your own Docker Registry address
EU Funding for Mobile App Traffic Interception
Debugging WebRTC, IPFS & Ethereum with HTTP Toolkit
Testing libraries for the Decentralized Web
How to intercept, observe & mock WebRTC traffic
Android Chrome 99 expands Certificate Transparency, breaking all MitM dev tools
Fighting TLS fingerprinting with Node.js
Reverse engineering & modifying Android apps with JADX & Frida
New HTTP standards for caching on the modern web
EU Funding for Dev Tools for the Decentralized Web
Proxies are complicated: RCE vulnerability in a 3 million downloads/week NPM package
HTTPS certificate non-validation vulnerability in Node.js
Safari isn't protecting the web, it's killing it
Public CDNs Are Useless and Dangerous
Defeating Android Certificate Pinning with Frida
Encoding your HTTP for fun and profit
Build an HTTPS-intercepting JavaScript proxy in 30 seconds flat
One Port to Rule Them All
Defining a new HTTP method: HTTP QUERY
What are CORS proxies, and when are they safe?
Intercept and edit HTTP traffic from (almost) any Android app
How to intercept & debug all Java HTTPS
HTTPWTF
Cache your CORS, for performance & profit
Fixing DNS in Node.js
How to Index 226,379 API Endpoints
The right way to turn off your old APIs
Mining your CLI history for good git aliases
How do you know what's gone wrong when your API request fails?
Intercepting HTTPS on Android
Migrating a JS project from Travis to GitHub Actions
How to Debug Any CORS Error
Android 11 tightens restrictions on CA certificates
GraphQL the Simple Way, or: Don't Use Apollo
Inspecting Android HTTP with a fake VPN
How to Debug Node.js Segmentation Faults
Translating between HTTP/1 and HTTP/2
What's coming in TypeScript 4?
Bye bye Feature-Policy, hello Permissions-Policy
How will user-agent client hints work?
Ignore HTTP Client Errors At Your Peril
HTTP 555: User-Defined Resource Error
Chrome 79+ no longer shows preflight CORS requests
Global developer CAs considered harmful
Free as in Beer
How to Debug Anything
A Crash Course in Price Localization
The 5 Big Features of TypeScript 3.7 and How to Use Them
Unblocking Node With Unref()
Notarize your Electron App with Electron Forge
X-Ray Debugging for HTTP
Bundling Remote Scripts with Webpack
Debugging Netlify Function Errors with Sentry
One-click HTTP debugging for any CLI tool
Welcome to the HTTP Toolkit blog
100% open-source
Dive in at github.com/httptoolkit
Dive in at github.com/httptoolkit
Built in Barcelona
by Tim Perry
by Tim Perry