Curated picks

Tools

Open a card for a full guide and a browser-only tool — no uploads, no server round trips. Curated external picks sit below.

In-browser tools

6 live · runs in your tab

Base64 encode & decode

Turn text into Base64 and back — UTF-8 safe, in your tab.

In-browser Security

HTML entity encode & decode

Escape text for HTML or decode common entities — client-side only.

In-browser SecuritySEO

JSON format & minify

Validate, pretty-print, or compress JSON for configs and APIs.

In-browser PerformanceSecurity

JWT decoder

Inspect header and payload JSON — signature is not verified here.

In-browser Security

SHA-256 hash

Fingerprint arbitrary text with SHA-256 — no server round trip.

In-browser Security

UUID generator

Random UUID v4 values for fixtures, IDs, and placeholders.

In-browser PerformanceSecurity

External picks

4 curated · opens in a new tab

CSP Evaluator

Paste a Content-Security-Policy and spot risky directives.

External Security

Open in new tab

Mozilla Observatory

HTTP Observatory scan with a simple letter grade.

External Security

Open in new tab

Qualys SSL Labs

Deep TLS configuration and certificate chain analysis.

External Security

Open in new tab

Security Headers

Quick report on HSTS, CSP, and related response headers.

External Security

Open in new tab

What “in-browser” means

Every built-in tool runs in your tab — no payload leaves your browser, no analytics tracks what you paste. Hashes use the Web Crypto API, JSON parses with the engine’s native parser, and tokens are decoded with atob plus a TextDecoder. We mention what each tool does not verify on its own page.