diff --git a/cpp/ql/test/library-tests/dataflow/external-models/windows.cpp b/cpp/ql/test/library-tests/dataflow/external-models/windows.cpp
index 2900af9034c..ded01aebfc9 100644
--- a/cpp/ql/test/library-tests/dataflow/external-models/windows.cpp
+++ b/cpp/ql/test/library-tests/dataflow/external-models/windows.cpp
@@ -734,4 +734,181 @@ void test_winhttp_crack_url() {
     sink(urlComponents.lpszExtraInfo);
     sink(*urlComponents.lpszExtraInfo); // $ ir
   }
+}
+
+using HTTP_REQUEST_ID = ULONGLONG;
+using HTTP_CONNECTION_ID = ULONGLONG;
+using HTTP_URL_CONTEXT = ULONGLONG;
+using HTTP_RAW_CONNECTION_ID = ULONGLONG;
+
+typedef struct _HTTP_VERSION {
+  USHORT MajorVersion;
+  USHORT MinorVersion;
+} HTTP_VERSION, *PHTTP_VERSION;
+
+typedef enum _HTTP_VERB {
+  HttpVerbUnparsed = 0
+} HTTP_VERB, *PHTTP_VERB;
+
+typedef struct _HTTP_COOKED_URL {
+  USHORT FullUrlLength;
+  USHORT HostLength;
+  USHORT AbsPathLength;
+  USHORT QueryStringLength;
+  PCWSTR pFullUrl;
+  PCWSTR pHost;
+  PCWSTR pAbsPath;
+  PCWSTR pQueryString;
+} HTTP_COOKED_URL, *PHTTP_COOKED_URL;
+
+typedef struct _HTTP_TRANSPORT_ADDRESS {
+  struct sockaddr* pRemoteAddress;
+  struct sockaddr* pLocalAddress;
+} HTTP_TRANSPORT_ADDRESS, *PHTTP_TRANSPORT_ADDRESS;
+
+typedef struct _HTTP_KNOWN_HEADER {
+  USHORT RawValueLength;
+  PCSTR  pRawValue;
+} HTTP_KNOWN_HEADER, *PHTTP_KNOWN_HEADER;
+
+typedef struct _HTTP_UNKNOWN_HEADER {
+  USHORT NameLength;
+  USHORT RawValueLength;
+  PCSTR  pName;
+  PCSTR  pRawValue;
+} HTTP_UNKNOWN_HEADER, *PHTTP_UNKNOWN_HEADER;
+
+typedef struct _HTTP_REQUEST_HEADERS {
+  USHORT               UnknownHeaderCount;
+  PHTTP_UNKNOWN_HEADER pUnknownHeaders;
+  USHORT               TrailerCount;
+  PHTTP_UNKNOWN_HEADER pTrailers;
+  HTTP_KNOWN_HEADER    KnownHeaders[41];
+} HTTP_REQUEST_HEADERS, *PHTTP_REQUEST_HEADERS;
+
+typedef struct _HTTP_BYTE_RANGE {
+  ULONGLONG StartingOffset;
+  ULONGLONG Length;
+} HTTP_BYTE_RANGE, *PHTTP_BYTE_RANGE;
+
+typedef struct _HTTP_DATA_CHUNK {
+  int DataChunkType;
+  union {
+    struct {
+      PVOID pBuffer;
+      ULONG BufferLength;
+    } FromMemory;
+    struct {
+      HTTP_BYTE_RANGE ByteRange;
+      HANDLE          FileHandle;
+    } FromFileHandle;
+    struct {
+      USHORT FragmentNameLength;
+      PCWSTR pFragmentName;
+    } FromFragmentCache;
+    struct {
+      HTTP_BYTE_RANGE ByteRange;
+      PCWSTR          pFragmentName;
+    } FromFragmentCacheEx;
+    struct {
+      USHORT               TrailerCount;
+      PHTTP_UNKNOWN_HEADER pTrailers;
+    } Trailers;
+  };
+} HTTP_DATA_CHUNK, *PHTTP_DATA_CHUNK;
+
+typedef struct _HTTP_SSL_CLIENT_CERT_INFO {
+  ULONG  CertFlags;
+  ULONG  CertEncodedSize;
+  char*  pCertEncoded;
+  HANDLE Token;
+  BOOL   CertDeniedByMapper;
+} HTTP_SSL_CLIENT_CERT_INFO, *PHTTP_SSL_CLIENT_CERT_INFO;
+
+typedef struct _HTTP_SSL_INFO {
+  USHORT                      ServerCertKeySize;
+  USHORT                      ConnectionKeySize;
+  ULONG                       ServerCertIssuerSize;
+  ULONG                       ServerCertSubjectSize;
+  PCSTR                       pServerCertIssuer;
+  PCSTR                       pServerCertSubject;
+  PHTTP_SSL_CLIENT_CERT_INFO  pClientCertInfo;
+  ULONG                       SslClientCertNegotiated;
+} HTTP_SSL_INFO, *PHTTP_SSL_INFO;
+
+typedef struct _HTTP_REQUEST {
+  ULONG                    Flags;
+  HTTP_CONNECTION_ID       ConnectionId;
+  HTTP_REQUEST_ID          RequestId;
+  HTTP_URL_CONTEXT         UrlContext;
+  HTTP_VERSION             Version;
+  HTTP_VERB                Verb;
+  USHORT                   UnknownVerbLength;
+  USHORT                   RawUrlLength;
+  PCSTR                    pUnknownVerb;
+  PCSTR                    pRawUrl;
+  HTTP_COOKED_URL          CookedUrl;
+  HTTP_TRANSPORT_ADDRESS   Address;
+  HTTP_REQUEST_HEADERS     Headers;
+  ULONGLONG                BytesReceived;
+  USHORT                   EntityChunkCount;
+  PHTTP_DATA_CHUNK         pEntityChunks;
+  HTTP_RAW_CONNECTION_ID   RawConnectionId;
+  PHTTP_SSL_INFO           pSslInfo;
+} HTTP_REQUEST, *PHTTP_REQUEST;
+
+ULONG HttpReceiveHttpRequest(
+  HANDLE          RequestQueueHandle,
+  HTTP_REQUEST_ID RequestId,
+  ULONG           Flags,
+  PHTTP_REQUEST   RequestBuffer,
+  ULONG           RequestBufferLength,
+  PULONG          BytesReturned,
+  LPOVERLAPPED    Overlapped
+);
+
+ULONG HttpReceiveRequestEntityBody(
+  HANDLE          RequestQueueHandle,
+  HTTP_REQUEST_ID RequestId,
+  ULONG           Flags,
+  PVOID           EntityBuffer,
+  ULONG           EntityBufferLength,
+  PULONG          BytesReturned,
+  LPOVERLAPPED    Overlapped
+);
+
+ULONG HttpReceiveClientCertificate(
+  HANDLE                     RequestQueueHandle,
+  HTTP_CONNECTION_ID         ConnectionId,
+  ULONG                      Flags,
+  PHTTP_SSL_CLIENT_CERT_INFO SslClientCertInfo,
+  ULONG                      SslClientCertInfoSize,
+  PULONG                     BytesReceived,
+  LPOVERLAPPED               Overlapped
+);
+
+void test_http_server_api(HANDLE hRequestQueue) {
+  {
+    HTTP_REQUEST requestBuffer;
+    ULONG bytesReturned;
+    ULONG result = HttpReceiveHttpRequest(hRequestQueue, 0, 0, &requestBuffer, sizeof(requestBuffer), &bytesReturned, nullptr);
+    char* p = reinterpret_cast<char*>(&requestBuffer);
+    sink(p);
+    sink(*p); // $ MISSING: ir
+  }
+  {
+    char buffer[1024];
+    ULONG bytesReturned;
+    ULONG result = HttpReceiveRequestEntityBody(hRequestQueue, 0, 0, buffer, sizeof(buffer), &bytesReturned, nullptr);
+    sink(buffer);
+    sink(*buffer); // $ MISSING: ir
+  }
+  {
+    HTTP_SSL_CLIENT_CERT_INFO certInfo;
+    ULONG bytesReceived;
+    ULONG result = HttpReceiveClientCertificate(hRequestQueue, 0, 0, &certInfo, sizeof(certInfo), &bytesReceived, nullptr);
+    char* p = reinterpret_cast<char*>(&certInfo);
+    sink(p);
+    sink(*p); // $ MISSING: ir
+  }
 }
\ No newline at end of file