HttpLens 1.1.0

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. 
dotnet add package HttpLens --version 1.1.0
                    


                    

                
NuGet\Install-Package HttpLens -Version 1.1.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="HttpLens" Version="1.1.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="HttpLens" Version="1.1.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="HttpLens" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add HttpLens --version 1.1.0
                    


                    

                
#r "nuget: HttpLens, 1.1.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package HttpLens@1.1.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=HttpLens&version=1.1.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=HttpLens&version=1.1.0
                    


                            Install as a Cake Tool

HttpLens

Install one NuGet package, add two lines of code, and see every outbound HTTP call your app makes — in a browser dashboard.

Features

  • Automatic interception — captures all HttpClient requests/responses via IHttpClientFactory
  • Embedded dashboard — dark/light theme SPA served at /_httplens
  • Sensitive header masking — Authorization, Cookie, X-Api-Key and custom headers masked before storage
  • Request/response body capture — with configurable size limits and truncation
  • Polly retry detection — groups retry attempts visually in the dashboard
  • Export — one-click copy as cURL or C# HttpClient code; download HAR 1.2 files
  • Correlation — W3C Trace ID, inbound request path, HttpClient name
  • In-memory ring buffer — configurable max records, thread-safe
  • Real-time updates — polling fallback (SignalR planned)

Installation

dotnet add package HttpLens

Quick Start

var builder = WebApplication.CreateBuilder(args);

// 1. Register HttpLens services
builder.Services.AddHttpLens();

var app = builder.Build();

// 2. Mount the dashboard
app.MapHttpLensDashboard();

app.Run();

Then open https://localhost:5001/_httplens in your browser.

Configuration

Option Default Description
MaxStoredRecords 500 Maximum number of records kept in memory
MaxBodyCaptureSize 64000 Max characters captured per body
DashboardPath /_httplens URL path for the dashboard
SensitiveHeaders Authorization, Cookie, Set-Cookie, X-Api-Key Headers whose values are masked
CaptureRequestBody true Whether to capture request bodies
CaptureResponseBody true Whether to capture response bodies 
builder.Services.AddHttpLens(options =>
{
    options.MaxStoredRecords = 1000;
    options.SensitiveHeaders.Add("X-Custom-Secret");
    options.CaptureRequestBody = true;
});

Security

By default HttpLens applies no security — the dashboard is publicly accessible. This preserves the zero-config developer experience. Each security layer is opt-in.

Security Layers

Layer Option Default Behaviour
Master switch IsEnabled true When false, capture stops and dashboard returns 404
Environment guard AllowedEnvironments [] (all) Only register services in matching environments
API key ApiKey null (off) Require X-HttpLens-Key header or ?key= query param
IP allowlist AllowedIpRanges [] (all) Restrict by IP address or CIDR range
Auth policy AuthorizationPolicy null (off) Apply any registered ASP.NET Core auth policy

Configuration Examples

Restrict to development only:

// Automatically skips registration in Production
builder.Services.AddHttpLens(builder.Environment, options =>
{
    options.AllowedEnvironments.AddRange(["Development", "Staging"]);
});

Protect with an API key:

builder.Services.AddHttpLens(options =>
{
    options.ApiKey = "my-secret-key";
});

Then access the dashboard at /_httplens?key=my-secret-key. The key is stored in sessionStorage so subsequent API calls include it automatically via the X-HttpLens-Key header.

Restrict by IP:

builder.Services.AddHttpLens(options =>
{
    options.AllowedIpRanges.AddRange(["127.0.0.1", "10.0.0.0/8", "::1"]);
});

Disable in production via appsettings.json:

appsettings.Development.json:

{ "HttpLens": { "IsEnabled": true } }

appsettings.Production.json:

{ "HttpLens": { "IsEnabled": false } }

Then bind in Program.cs:

builder.Services.AddHttpLens(options =>
    builder.Configuration.GetSection("HttpLens").Bind(options));

Combined example (recommended for shared/staging environments):

builder.Services.AddHttpLens(builder.Environment, options =>
{
    builder.Configuration.GetSection("HttpLens").Bind(options);

    // Override: force-disable in production regardless of config
    if (builder.Environment.IsProduction())
        options.IsEnabled = false;
});

Middleware Order

Security checks are applied automatically inside MapHttpLensDashboard() in this order:

  1. EnabledGuard — returns 404 if IsEnabled = false
  2. IpAllowlist — returns 403 if client IP is not in AllowedIpRanges
  3. ApiKey — returns 401 if X-HttpLens-Key / ?key= is missing or wrong
  4. Authorization policy — evaluated by ASP.NET Core auth middleware
  5. Endpoint handler

No UseMiddleware calls are needed in your Program.cs.

Note: MapHttpLensDashboard() automatically applies all security checks (enabled guard, IP allowlist, API key, and authorization policy) to both the SPA and API routes. If you call MapHttpLensApi() directly, only the authorizationPolicy parameter (if provided) is applied — IP allowlist and API key checks are skipped.

Polly Retry Detection

To group Polly retry attempts in the dashboard:

builder.Services
    .AddHttpClient("MyClient")
    .AddStandardResilienceHandler()   // Polly resilience
    .Services
    .AddHttpClient("MyClient")
    .AddRetryDetection();             // HttpLens retry tracking

Retried requests are grouped visually — the first attempt appears as a normal row, subsequent retries appear indented beneath it.

Export Features

  • cURL — Click "📋 Copy" on the Export tab to copy a ready-to-paste cURL command
  • C# — Copy a complete HttpClient / HttpRequestMessage code snippet
  • HAR — Click "📦 HAR" to download all filtered traffic as a HAR 1.2 file (importable in Chrome DevTools)

Dark / Light Theme

Toggle between dark and light themes using the 🌙/☀️ button in the header. Preference is saved to localStorage.

API Endpoints

Endpoint Description
GET /_httplens/api/traffic?skip=0&take=100 List traffic records
GET /_httplens/api/traffic/{id} Get single record
DELETE /_httplens/api/traffic Clear all records
GET /_httplens/api/traffic/retrygroup/{groupId} Get all attempts in a retry group
GET /_httplens/api/traffic/{id}/export/curl Export as cURL
GET /_httplens/api/traffic/{id}/export/csharp Export as C# code
GET /_httplens/api/traffic/export/har?ids=... Export as HAR 1.2

License

MIT

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.1.0 41 4/13/2026
1.0.0 66 4/5/2026