RFC 9458

Oblivious HTTP

Hide your identity from servers. No IP tracking, no request linking, no fingerprinting. Just private HTTP.

Read the docs Try it live

See the difference

Toggle between regular HTTP and OHTTP to see what the server can see about you.

01

Hide Your IP

The server sees the relay's IP, not yours. Your real location stays private.

02

Unlinkable Requests

Each request is cryptographically independent. No way to correlate them.

03

End-to-End Encrypted

The relay forwards blindly. Only the gateway can decrypt your requests.

How It Works

Split trust between relay and gateway. Neither sees the full picture.

Client

Encrypts request with gateway's public key. Sends to relay.

Relay

Sees client IP. Can't read encrypted payload. Forwards to gateway.

Gateway

Decrypts request. Sees content. Only knows relay IP, not client.

Try It Live

Send a real request through our hosted OHTTP relay and gateway.

Quick Start

Add OHTTP to your app in minutes.

npm install ohttp-ts hpke
import { OHTTPClient, KeyConfig } from 'ohttp-ts';

// Fetch the gateway's public key
const keyBytes = await fetch('https://gateway.ohttp.info/.well-known/ohttp-gateway')
  .then(r => r.arrayBuffer());
const keyConfig = KeyConfig.parse(new Uint8Array(keyBytes));

// Send Lilo's request through OHTTP
const client = new OHTTPClient(suite, keyConfig);
const { request, context } = await client.encapsulateRequest(
  new Request('https://api.example.com/data'),
  'https://relay.ohttp.info/ohttp'
);

const encResponse = await fetch(request);
const response = await context.decapsulateResponse(encResponse);

Resources

Documentation RFC 9458 The specification ohttp-ts TypeScript ohttp Rust