PTBox

HTTP / HTTPS Request Tester

Send GET / POST / PUT / PATCH / DELETE / HEAD / OPTIONS requests from your browser. Configure query params, headers and body (JSON / text / form-urlencoded). All requests use the browser fetch API and are subject to CORS — only endpoints that allow cross-origin requests are reachable.

Query parameters (auto-appended to URL).

Usage

Browser-local HTTP request tool using the native fetch API. Supports GET / POST / PUT / PATCH / DELETE / HEAD / OPTIONS with configurable query parameters, headers and body (JSON / text / form-urlencoded).

Browser limitations

  • CORS: only endpoints that allow cross-origin requests are reachable;
  • Mixed content: HTTPS pages can't request HTTP;
  • Forbidden headers: Cookie, Origin, Host, User-Agent can't be set by JavaScript.

Use cases

API debugging

Hand-craft a request and inspect the response — like a lightweight in-browser Postman.

Testing third-party APIs

Weather, maps, AI and other public endpoints.

Diagnosing CORS issues

See the browser's actual CORS error to pinpoint which header is missing.

Learning HTTP

Observe headers, status codes and Set-Cookie behaviour live.

FAQ

Why do I get a CORS error?

The target server doesn't allow cross-origin requests. Browser enforces this; the fix is on the server: add Access-Control-Allow-Origin.

Can I set Cookie headers?

No. The browser forbids JS from setting Cookie, Origin, Host, User-Agent and other restricted headers. Use Postman or curl for those.

Can an HTTPS page request HTTP?

No — mixed-content is blocked. Make sure your endpoint is also HTTPS.

How does this compare to Postman?

No install, runs in your browser, fully local. But CORS and forbidden-headers restrictions limit flexibility vs Postman / curl.

Comments

0 / 1000