HTTPS POST Test

Use the forms below to send a test message or upload a file to dlptest.com using the HTTP POST method over TLS (HTTPS). The server accepts the request and discards the body. No data is logged, stored, or forwarded. This is intended as a tripwire so your DLP can detect and ideally block sensitive content as it leaves the endpoint or passes through your proxy or SSE inspection path.

Testing a control that can't decrypt TLS — a network tap or a passive Network Monitor? Use the HTTP POST test instead.

Drop files here or click to add

Maximum total upload size: 100 MB. Nothing you send is stored or forwarded; the server reads each attachment and discards it.

Test with curl or scripts

The accept-and-discard endpoint is /api/http-post/. You can POST any body (form data, JSON, raw bytes, multipart). Responses are JSON with an ok field (true when the body was accepted). GET on the same URL returns a short JSON hint. Cross-origin use from automation or in-browser fetch from another origin is allowed via permissive CORS on this route only.

Examples (use your own hostname for staging or production):

# Probe the endpoint
curl -sS "https://dlptest.com/api/http-post/"

# Small form-style body
curl -sS -X POST "https://dlptest.com/api/http-post/" \
  -d "message=DLP+POST+test"

# JSON body
curl -sS -X POST "https://dlptest.com/api/http-post/" \
  -H "Content-Type: application/json" \
  -d '{"note":"sample payload"}'

# Raw file (single part; good for scripted throughput checks)
curl -sS -X POST "https://dlptest.com/api/http-post/" \
  --data-binary @./your-local-file.bin

What is an HTTP(S) POST?

HTTP POST is a request method in the HTTP family (the same protocol whether the transport is TLS or not). A POST asks a server to accept an entity in the request body. Forms in browsers, REST APIs, and file uploads typically use POST when they send data that is not idempotent or that does not fit cleanly in the URL.

POST compared to GET

GET requests usually retrieve data and carry parameters in the query string. POST requests send their primary payload in the body, which suits larger or structured content and avoids putting sensitive values in URLs or logs. Many DLP products inspect POST bodies on web and API traffic, often together with TLS decryption on proxies or agents.

How dlptest.com uses POST

This site does not store or process your test payloads. The Worker reads the request body so the bytes traverse the network fully (so inspection appliances can see them), then discards them. That makes POST here a safe pattern for validating Data Loss Prevention rules, ICAP integrations, and SSE inspection, without sending real customer data to a third party that would retain it.