Curated picks
Tools
Open a card for a full guide and a browser-only tool — no uploads. Details and external picks are below.
Swipe ›
In-browser tools
Utilities that run locally in your browser — use the topic filter above to narrow the list.
- Base64 encode & decode
Turn text into Base64 and back — UTF-8 safe, in your tab.
In-browser SecurityOpen - HTML entity encode & decode
Escape text for HTML or decode common entities — client-side only.
In-browser SecuritySEOOpen - JSON format & minify
Validate, pretty-print, or compress JSON for configs and APIs.
In-browser PerformanceSecurityOpen - JWT decoder
Inspect header and payload JSON — signature is not verified here.
In-browser SecurityOpen - SHA-256 hash
Fingerprint arbitrary text with SHA-256 — no server round trip.
In-browser SecurityOpen - UUID generator
Random UUID v4 values for fixtures, IDs, and placeholders.
In-browser PerformanceSecurityOpen
Hand-picked from the web
Editorial bookmarks for audits and research — each opens in a new tab at the provider.
- CSP Evaluator
Paste a Content-Security-Policy and spot risky directives.
SecurityExternal - Mozilla Observatory
HTTP Observatory scan with a simple letter grade.
SecurityExternal - Qualys SSL Labs
Deep TLS configuration and certificate chain analysis.
SecurityExternal - Security Headers
Quick report on HSTS, CSP, and related response headers.
SecurityExternal
Further down you will find hand-picked third-party tools we use in audits (each opens in a new tab), plus links to our topic hubs and the rest of the site.
For deeper reading, jump into our topic hubs. Everything here opens in a new tab on the provider’s site.
Explore our Performance, Ecology, Accessibility, Security, and SEO hubs for deeper reading.