Hosting

Webhook.site

Item: Webhook.site
Rating: 6
Author: KYC No Thanks

Webhook.site generates disposable URLs and email addresses for instant, no-sign-up inspection of webhooks and HTTP requests, with optional automation workflows and Tor access.

6.0

out of 10

L1 Anonymous

Non-custodial No email required No IP logging 5 payment options

Visit website Suggest an update

// review

Overview

Webhook.site is a developer-centric utility that falls under the Hosting category in the no-KYC landscape. Rather than functioning as a traditional web host, it provides ephemeral infrastructure for testing, transforming, and automating web requests and emails. Visitors land on the homepage and receive an instant, randomized URL and matching email address, no account, no email verification, no identity check required. Every HTTP request, email payload, or DNS query hitting that endpoint appears in real time, making it a staple for debugging webhooks, API integrations, and email flows without spinning up local servers.

The platform layers on advanced capabilities for paying subscribers: a visual Custom Actions builder, a scripting language called WebhookScript, cron-style scheduling, uptime monitoring, and native integrations with services like Google Sheets, Slack, S3, and Postgres databases. The codebase is open source, and a Tor onion service is available, reinforcing its appeal to privacy-minded developers who want to inspect traffic without leaving obvious trails.

Privacy & KYC

Webhook.site sits at KYC Tier L1, fully anonymous, or more precisely, pseudonymous. The free tier demands no personal data whatsoever: no email address, no phone number, no identity documents. You receive a token-based URL that exists for roughly seven days or until it hits the 100-request ceiling, whichever comes first. This makes it genuinely accessible for users who refuse to hand over any identifiable information.

However, the privacy picture darkens significantly once you examine data handling. The service logs IP addresses for every incoming request and displays them in the request detail panel alongside geolocation data. Free URLs are not protected by login credentials; anyone with the random token can view its traffic. While the operator notes that paid accounts store data in Europe under Danish and German jurisdiction with ISO 27001 and SOC 2 certified infrastructure, the default free experience exposes substantial metadata. The privacy score of 5/100 reflects this tension: the barrier to entry is zero, but the informational leakage is high.

KYC tier: L1, Anonymous (no personal data required for free use)
Email required: No for free tier; yes for paid accounts
IP logging: Yes, visible in request details with geolocation
Tor support: Available via onion mirror
Open source: Yes, codebase publicly auditable

Supported assets & payments

Webhook.site accepts an unusually broad mix of payment methods for a developer tool, including Monero, Bitcoin, Lightning Network, fiat currencies, and cash. This flexibility aligns with its no-KYC positioning, allowing privacy-conscious users to upgrade without triggering traditional financial surveillance. The entry-level paid tier starts at $7.50 per month and removes the free tier's core restrictions: unlimited requests, permanent URLs, email addresses that do not auto-expire, and encrypted storage tied to an account. Higher tiers expand request history up to 100,000 items and add enterprise features like SSO, custom domains, and white-label interfaces.

Notably, the free tier's 100-request cap and automatic URL expiration create a hard friction point for sustained use. Once a free URL hits its limit, it returns HTTP 410 Gone or 429 Too Many Requests and stops logging entirely. This design effectively pushes active users toward paid plans while keeping the anonymous entry point intact.

Security & custody

Webhook.site operates on a custodial model for paid accounts, your URLs, request history, and workflow configurations reside on their servers in Germany, accessible only via API key or login. Free-tier data is technically non-custodial in the sense that no account owns it, but this is a double-edged sword: the lack of authentication means anyone guessing or intercepting your random token can access your traffic. There is no end-to-end encryption of payloads; data is stored in plaintext and displayed as such.

The platform's trust score of 5/100 stems from this exposure. While the operator prohibits abuse, banning malware distribution, load testing, and scraping, and enforces fair-use limits (100 tokens per day with expiry, 10 without), the fundamental architecture prioritizes convenience over confidentiality. Third-party validators like Scam Detector rate the domain highly for legitimacy, but legitimacy does not equate to privacy. Users handling sensitive payloads should treat Webhook.site as a transparent pipeline, not a vault.

Who it's for, verdict

Webhook.site serves a narrow but genuine niche in the no-KYC ecosystem: developers, security researchers, and automation builders who need instant, disposable endpoints without administrative overhead. It excels for quick webhook debugging, email flow verification, and prototyping integrations where setting up a local listener is impractical. The open-source foundation and Tor availability give it credibility among privacy advocates, even if the implementation leaks metadata aggressively.

We do not recommend Webhook.site for transmitting sensitive personal data, financial credentials, or anything requiring confidentiality. The IP logging, plaintext storage, and unauthenticated free URLs make it a poor fit for high-stakes anonymity. For casual, short-lived testing, especially when paired with a VPN or Tor, it remains a useful, low-friction tool. The overall score of 6/10 reflects this utility: exceptional accessibility, mediocre privacy, and a business model that respects pseudonymous payment even as it surveils request metadata.

Data sourced from kycnot.me

Pros

Instant, no-sign-up access with randomized URLs and email addresses
Open-source codebase with active community visibility
Tor onion service available for additional layer of anonymity
Broad payment options including Monero, Bitcoin, and cash
Powerful automation and integration features for paid tiers

Cons

Aggressive IP logging and geolocation display on all requests
Free URLs expire automatically and cap at 100 requests
No end-to-end encryption; payloads stored and displayed in plaintext
Unauthenticated free tokens mean anyone with the URL can view traffic

At a glance

Non-custodial

No email required

No IP logging

Why this score

Anonymous

Pseudonymous access, no personal data.

Frequently asked questions

Can I use Webhook.site completely anonymously?

Yes, the free tier requires no personal information. However, your IP address is logged and displayed with each request, so pairing the service with a VPN or Tor is advisable for stronger anonymity.

What happens when my free URL hits the request limit?

The URL returns HTTP 410 Gone or 429 Too Many Requests and stops accepting or logging new traffic. You must upgrade to a paid plan or generate a new free URL to continue.

Is Webhook.site safe for sensitive data?

No. The service stores payloads in plaintext without end-to-end encryption, and free URLs are accessible to anyone with the token. Treat it as a debugging tool, not a secure data channel.

Does Webhook.site offer a refund if I upgrade and change my mind?

Paid subscriptions include a 14-day refund period according to the current pricing page.

Where is my data physically stored?

Paid account data is stored on servers in Germany, operated under Danish and European data protection law. Free-tier data expires automatically and is not tied to an account.

Update log

May 29, 2026
Reviewed fair-use policy language on token creation limits
Apr 25, 2026
Confirmed open-source repository status and GitHub presence
Mar 22, 2026
Added enterprise plan details including 100,000-item history cap
Feb 17, 2026
Clarified free-tier request limit from 50 to 100 based on current terms
Jan 12, 2026
Adjusted privacy score downward after confirming IP geolocation display in UI
Dec 13, 2025
Updated supported payment methods to reflect Monero and Lightning acceptance
Nov 8, 2025
Re-verified Tor onion mirror availability and accessibility

Scores

Overall 6/10

Privacy 5/100

Trust 5/100

Accepted payments

Monero Bitcoin Lightning Fiat Cash

Features

Tor available
Open source

Visit website

Related services

MyNymBox

mynymbox.io

9.0

/ 10

VPS Hosting Domains

MyNymBox is a privacy-first hosting provider offering anonymous VPS, domain registration and shared hosting with pseudonymous sign-ups and broad cryptocurrency support, though aggressive abuse enforcement divides user opinion.

L1 Anonymous

XMR BTC LN FIAT CASH

›Tor available ›Open source

Ko-Net

ko-net.ws

9.0

/ 10

VPS Hosting

Ko-Net is a privacy-first Swedish hosting provider offering anonymous VPS, managed DNS, and server management with no KYC, crypto-native billing, and a strict no-logging stance.

L1 Anonymous

XMR BTC LN FIAT CASH

›Tor available ›Open source ›Non-custodial

Jink Host

jink.host

8.0

/ 10

Hosting

Jink Host delivers budget-friendly, no-KYC infrastructure across EU and US nodes, accepting Monero and Bitcoin for pseudonymous provisioning of VPS, RDP, and dedicated servers.

L1 Anonymous

XMR BTC LN FIAT CASH

›Tor available ›Open source