HTTP Message Parser

How to use

1. 1Copy a raw HTTP request or response from DevTools, Burp, the Postman console, or a .http file.
2. 2Paste it into the input box. Keep the blank line that separates the headers from the body so the body is detected.
3. 3Read the start line panel for the method and version (requests) or the status code and its meaning (responses).
4. 4For a request, check the reconstructed URL and the decoded query parameter table below it.
5. 5Review the header table, then read the body, which is pretty-printed as JSON, expanded as form fields, or shown as text based on its Content-Type.
6. 6Use the copy buttons to grab the URL, the headers, or the decoded body, or load a sample to see the format.

About this tool

HTTP Message Parser takes the raw text of an HTTP/1.x message and breaks it into the parts you actually want to read. It is built for the block you copy out of browser DevTools, Burp Suite, the Postman console, a saved .http or .rest file, or an RFC example: the start line, a list of header fields, a blank line, and an optional body. The tool first decides whether the message is a request or a response by looking at the first line. For a request it reads the method, the request target, and the HTTP version, then reconstructs an absolute URL by combining the target with the Host header, splits off the path and fragment, and decodes the query string into a name and value table so percent-encoded parameters are readable at a glance. Because a raw request carries no scheme, the URL is rebuilt as https by default and falls back to http when the Host names port 80, and the assumption is stated plainly rather than hidden. For a response it reads the HTTP version, the status code, and the reason phrase, classifies the code as informational, success, redirection, client error, or server error, and adds the standard meaning for common codes such as 301, 404, and 429. The header block is parsed into a name and value table that is aware of obsolete line folding, where a continuation line beginning with whitespace is joined to the header above it, and it flags fields that appear more than once so you can spot a header that was accidentally duplicated. The body is decoded according to its Content-Type: JSON and any plus-json media type are pretty-printed and validated, application/x-www-form-urlencoded is expanded into decoded field pairs, and multipart/form-data is split on its boundary into a per-part summary showing each part's headers and a short preview. When the response uses Transfer-Encoding: chunked, the chunk framing is removed first so the real payload is shown instead of the hex sizes. An unlabeled body that looks like JSON is still pretty-printed, and anything else is shown as plain text. Copy buttons let you lift the reconstructed URL, the header block, or the decoded body on their own. This tool is the structural companion to the HTTP Headers Parser, which classifies headers and audits security headers, and to the cURL Command Parser, which reads shell curl syntax. Everything runs locally in your browser with the native URL, URLSearchParams, and text decoding APIs, so the request or response you paste, including any tokens or credentials in it, is never uploaded, logged, or stored.

Free to use. Works in your browser. No signup, no login.