No. Runs in your browser. Shadow values, preview, exported StyleSheet stay on your device.

Why does SHA-224 exist?

NIST 2004 design for 112-bit security strength compliance — matching 3DES key derivation. Mostly used in older federal specs.

Is WebCrypto support universal?

Yes — Chrome 37+, Firefox 34+, Safari 11+. Universal in 2026.

Keyed hash combining secret key with SHA-384. Used in JWT (HS384) and AWS Signature V4 for high-assurance APIs.

No. Prettier runs in your browser via WebAssembly. Code is never uploaded — safe for proprietary code.

No. The minifier runs Terser in your browser via WebAssembly. Code is never uploaded — safe for proprietary or pre-release code.

No. The minifier runs in your browser via WebAssembly. Markup never reaches our servers.

What's the difference between an HTML and CSS minifier?

HTML minifiers strip whitespace and tags from markup. CSS minifiers strip whitespace from stylesheets. Our HTML minifier also minifies inline style and script blocks.

Is Base64 encryption?

No. Base64 is encoding, not encryption. Anyone can decode Base64 instantly without a key. Use real encryption (AES-GCM, RSA, libsodium) for confidentiality.

What's the difference between Base64 and URL-safe Base64?

Standard Base64 uses + and / in its alphabet. URL-safe Base64 substitutes - for + and _ for /. JWT tokens, OAuth, and most modern APIs use URL-safe.

Why does Base64 add 33% size?

Three input bytes become four output characters — a 4:3 ratio. Fundamental to representing 8-bit data in a 6-bit-per-character alphabet.

Tag: Coding Tools

Image to Base64 Converter: Data URL Encoder [2026]

TL;DR: An image-to-Base64 converter encodes any image (PNG, JPG, WebP, SVG, GIF) as a Base64 string and wraps it in a data:image/;base64,... URL, ready to paste into HTML src, CSS url(), or JSON. Use it for inline icons under 4 KB, email templates that demand inline assets, and small SVGs that don’t justify a network request. Our free image-to-Base64 converter runs entirely in your browser — drag and drop any image, copy the result.

A Base64 data URL inlines an image directly into HTML, CSS, or JSON. Instead of <img src="logo.png"> with a network request, you write <img src="data:image/png;base64,iVBORw0KGgo..."> and the image is part of the document. That eliminates the round-trip — useful for tiny icons in critical CSS, email templates that demand inline assets (Gmail blocks externally-hosted images by default), and JSON payloads where a separate file isn’t an option (push notifications, web push payloads, embedded widget configs).

Our image to Base64 converter handles every common format, runs in your browser (the file never uploads), and gives you four output shapes — raw Base64, full data URL, CSS url(), and HTML <img> tag. This guide covers when inlining is the right call (often it isn’t), the size overhead (~33%), and the gotchas with caching, gzip, and font-icon migration.

When to inline an image as Base64 — and when not to

Use case	Inline as Base64?	Why
Icon under 4 KB in critical CSS	Yes	Saves a request on the critical path
HTML email template	Yes (often required)	Most clients block external images by default
Large hero image (> 50 KB)	No	Inflates HTML, blocks parsing, no CDN caching
Image used on every page	No	External file caches once, serves N times
SVG icon set used 5+ times per page	Maybe — try SVG sprite first	Sprite sheets compress better than per-icon Base64
Embed widget configuration JSON	Yes	JSON can’t reference external files
Push notification icon	Yes	Browser push payloads are limited and need self-contained data

The 33% size penalty

Base64 encodes 3 raw bytes as 4 ASCII characters. That’s a 33% size overhead before any other effects. A 12 KB PNG becomes a ~16 KB Base64 string. For text-mode HTTP responses (HTML, CSS, JSON), gzip compresses the Base64 string back down — typically to within 5–8% of the original binary size. So the true overhead in a gzipped HTTP response is small.

What gzip can’t fix: Base64-inlined assets are part of the HTML, so they block the HTML parser longer. They can’t be cached separately by the browser — every page load redownloads the whole HTML including the inline image. For an icon shown on every page, this trades a one-time round-trip for a recurring kilobyte penalty. Run the math.

How to convert an image to Base64

Open the image to Base64 converter
Drop your image, click to pick a file, or paste from clipboard
The converter detects the MIME type automatically (image/png, image/jpeg, image/svg+xml, etc.)
Pick output format: Raw Base64, Data URL, CSS url(), or HTML <img> tag
Click Copy — paste into your HTML, CSS, or JSON

Output shapes — paste-ready for every context

The same image produces four different output strings depending on where you’ll paste it:

// Raw Base64
iVBORw0KGgoAAAANSUhEUgAA...

// Data URL — works in HTML src, CSS url(), JS Image()
data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAA...

// CSS url()
.icon { background: url("data:image/png;base64,iVBORw...") no-repeat; }

// HTML img tag
<img src="data:image/png;base64,iVBORw0KGgo..." alt="...">

Common gotchas

SVGs can be inlined more efficiently as URL-encoded SVG. Instead of data:image/svg+xml;base64,... use data:image/svg+xml;utf8,... with URL-encoded SVG markup. The result is smaller (no Base64 overhead) and gzip-compresses better. Most modern browsers support both forms.
Don’t inline JPEGs above ~10 KB. The Base64 string bloats your HTML by 33%, blocks the parser, and the savings from one fewer request are negligible compared to the parsing cost. Use a CDN.
Gmail strips inline Base64 PNGs above 4 KB in some cases. Email-client behaviour varies wildly; test with Litmus or Email on Acid before mass-mailing a campaign that depends on inline images.
CSP headers may block data URLs. A Content Security Policy with img-src: 'self' blocks data: URLs. Add data: to img-src if you use inline images: img-src 'self' data:;.
Don’t inline animated GIFs as Base64. Encoded GIF blobs are huge (often 100 KB+ for a 5-second clip), and most email clients render the first frame only anyway. Use a hosted MP4 or animated WebP for non-email contexts.
Build pipelines do this automatically. Webpack’s asset/inline, Vite’s ?inline import suffix, and Next.js’s next/image all auto-inline assets below a threshold. For a real codebase, configure that threshold in your bundler instead of running this tool by hand.

When NOT to use this tool

If your build pipeline (Webpack, Vite, Parcel, Next.js, Astro) handles inlining automatically — set the threshold in your bundler config and trust it. For batch automation in CI, write a Node script that reads the image and outputs the data URL — no browser needed. For SVG-heavy use, prefer SVG sprite sheets or inline <svg> markup over data URLs — they compress better and remain editable. Use this browser tool for one-off conversions, email templates pasted into Mailchimp/SendGrid, embed-widget config files, and learning what a data URL looks like.

Frequently asked questions

What’s the file size limit?

Effectively your browser’s available memory. Conversion is fast for files up to several MB. Above 10 MB the Base64 string itself becomes unwieldy to paste. There’s no point inlining an image that large — use a CDN.

Why does my Base64 string differ between tools?

Same input bytes always produce the same Base64. Differences come from MIME type detection, line-break formatting (some tools insert \n every 76 characters per RFC 2045; modern tools output unbroken strings), or trailing padding. The encoded image bytes are byte-identical.

Will inlining help my page load faster?

For tiny critical-path images (under 4 KB, used once), yes — saves a network round-trip. For images used on multiple pages or above 10 KB, no — you bloat HTML with no caching, which is usually worse than a single fetch. Test with Lighthouse before committing.

Does this work for SVGs?

Yes, but a URL-encoded SVG (data:image/svg+xml;utf8,...) is usually smaller than Base64. Our converter offers both forms — pick “URL-encoded” for SVGs to save a few bytes.

Is my image uploaded?

No. The converter runs in your browser using the FileReader API. The image is loaded into memory and encoded locally — it never leaves your device. You can verify in the Network tab: dropping a file produces zero outbound requests.

Can I decode Base64 back to an image?

Yes — paste a data URL into the converter and toggle “Decode mode”. The original image is reconstructed and offered as a download. Useful for inspecting an inlined asset you want to extract from a page.

Related tools and guides

May 5, 2026

React Native Shadow Generator: iOS + Android [2026]

TL;DR: React Native handles shadows with two completely different APIs depending on platform. iOS uses four properties: shadowColor, shadowOffset, shadowOpacity, shadowRadius. Android uses one — elevation — which renders a Material-Design-style shadow whose appearance you can’t fully control. Our free React Native shadow generator shows both side by side, lets you tune iOS to match an Android elevation visually, and outputs a copy-paste StyleSheet block including the cross-platform Platform.OS guard.

Shadows on a React Native card sound like one feature; they’re actually two implementations with no overlap. iOS reads the four shadow* props that map closely to Apple’s CALayer shadow API. Android ignores all four and reads elevation only — a 0–24 numeric value that the Material framework converts into a system-rendered shadow. Set both: iOS uses its props, Android uses elevation. Set only iOS-style props: Android is shadowless. Set only elevation: iOS is shadowless. Pretty much every “why does my shadow not show up?” Stack Overflow question is one of these three.

Our React Native shadow generator renders both platforms side-by-side with a live preview that approximates each platform’s rendering. You set the iOS values, see the Android equivalent under our preset mapping, and copy a single StyleSheet block that works on both. This guide covers the prop semantics, the iOS-vs-Android visual mismatches, and the gotchas with backgroundColor, borderRadius, and overflow.

iOS shadow props vs Android elevation

Property	Platform	Type	Default
`shadowColor`	iOS only	colour	`'black'`
`shadowOffset`	iOS only	`{ width, height }`	`{ width: 0, height: 0 }`
`shadowOpacity`	iOS only	number 0–1	`0` (invisible)
`shadowRadius`	iOS only	number (px)	`3`
`elevation`	Android only	number (0–24)	`0`

Mapping iOS values to Android elevation

Material Design’s elevation system is a fixed scale: 1 = subtle, 2 = card, 4 = button, 6 = dropdown, 8 = floating action button, 16 = navigation drawer, 24 = highest layer. There’s no Android API to fully customise the shadow — you pick a number and Android renders the matching Material shadow. Approximate iOS-to-Android mapping:

iOS subtle (offset 0/2, opacity 0.1, radius 3) ≈ elevation: 2
iOS soft card (offset 0/4, opacity 0.15, radius 6) ≈ elevation: 4
iOS prominent (offset 0/6, opacity 0.2, radius 10) ≈ elevation: 8
iOS dramatic (offset 0/12, opacity 0.3, radius 16) ≈ elevation: 16

Pixel-perfect parity isn’t possible — the platforms render shadows with different algorithms. Aim for visual equivalence at the design-system level: a “card” looks like a card on both platforms.

How to generate a React Native shadow

Open the React Native shadow generator
Adjust the four iOS sliders: shadowColor, shadowOffset, shadowOpacity, shadowRadius
The Android elevation slider tracks automatically (or override manually)
Watch the side-by-side preview — iOS on the left, Android approximation on the right
Click Copy StyleSheet for a complete cross-platform block

Cross-platform StyleSheet pattern

The standard React Native shadow shim looks like this:

import { StyleSheet, Platform } from "react-native";

const styles = StyleSheet.create({
  card: {
    backgroundColor: "white",
    borderRadius: 12,
    padding: 16,
    ...Platform.select({
      ios: {
        shadowColor: "#000",
        shadowOffset: { width: 0, height: 4 },
        shadowOpacity: 0.15,
        shadowRadius: 8,
      },
      android: {
        elevation: 4,
      },
    }),
  },
});

Note backgroundColor is required on Android for elevation to render — without it, Android won’t draw the shadow even though the prop is set. iOS doesn’t have this requirement.

Common gotchas

Android elevation requires backgroundColor. A transparent or undefined background makes Android skip the shadow entirely. Always set a background colour for elevation to render.
iOS shadow doesn’t follow rounded corners by default. Set shadowPath via the older shadowOffset shape, or use the react-native-svg-shadow library if you need precision. Most cases are fine without.
Don’t use both elevation and iOS props on Android. elevation alone produces the Material shadow; adding iOS props doesn’t help and may break expected layouts in some RN versions.
shadowOpacity defaults to 0. If you set everything else but skip shadowOpacity, your iOS card has no shadow. The most common “shadow doesn’t show” cause on iOS.
overflow: hidden clips shadows on iOS. A card with overflow: 'hidden' (e.g., to clip an image to rounded corners) hides its own shadow. Wrap the clipped element in a parent that has the shadow, then put the clipped child inside.
Color names differ. iOS accepts CSS colour names; Android accepts standard names too but some hex strings render differently. Stick to hex ('#000') for cross-platform consistency.
RN 0.71+ supports new architecture. The new (Fabric/TurboModules) renderer respects shadow props more consistently across both platforms. Older versions (RN <0.65) may need third-party libraries like react-native-shadow-2 for visual parity.

When NOT to use this tool

For complex shadows (multiple stacked shadows, inner shadows, coloured shadows beyond simple offsets), use a third-party library: react-native-shadow-2 renders SVG-based shadows that look identical on both platforms. For text shadows, use the dedicated textShadowColor, textShadowOffset, textShadowRadius props (different from view shadows). For Web React Native (RN Web), neither shadow API works — use CSS box-shadow via style.shadowOffset = ... with platform check or a CSS-in-JS library.

Frequently asked questions

Why doesn’t my shadow show on Android?

Three usual causes: (1) you set iOS props but no elevation — Android ignores iOS props; (2) you set elevation but the parent has no backgroundColor — Android needs an opaque background to render the shadow; (3) overflow: 'hidden' on the parent clips the shadow. Add elevation, set backgroundColor, remove overflow: hidden.

Why doesn’t my shadow show on iOS?

Almost always shadowOpacity is 0 (the default). Set it to 0.1–0.3. Other causes: shadowColor is transparent, parent has overflow: 'hidden', or the view has no backgroundColor (transparent views can’t cast shadows on iOS either, though it’s less strict than Android).

Can I have a coloured shadow?

iOS yes — set shadowColor: '#FF0000'. Android no — elevation always renders the system Material shadow which is roughly black with system-controlled opacity. For coloured shadows on Android, use react-native-shadow-2 or render a manual SVG shadow.

Does this work on Expo and bare React Native?

Yes. Both shadow APIs are part of core React Native; they work identically in Expo and bare projects. No native modules required.

What’s the difference between elevation and zIndex?

elevation controls visual shadow depth on Android. zIndex controls render order (which view appears in front). They’re independent — a high-elevation card with low zIndex still appears behind other views. Set both together when you want an elevated card to also be on top.

Is my data uploaded?

No. The generator runs in your browser. The shadow values, preview, and exported StyleSheet stay on your device.

Related tools and guides

May 5, 2026

SHA-224 Hash Generator: 224-bit FIPS Digest [2026]

TL;DR: SHA-224 produces a 224-bit (28-byte / 56 hex character) hash. It’s SHA-256 with a different starting state and a truncated 224-bit output. Designed by NIST in 2004 to provide FIPS-compliant 112-bit collision resistance — useful when you need a SHA-2-family hash but want shorter output than SHA-256. Real-world use: 3DES key derivation, NIST SP 800-57 short-hash specifications, and storage-constrained contexts. Our free SHA-224 hash generator uses the browser’s native WebCrypto API.

SHA-224 is the rarely-used cousin of SHA-256. It exists for one specific reason: NIST needed a SHA-2 family member that matched the output size of legacy 112-bit security applications (mainly 3DES key derivation and some FIPS-mandated short-hash specifications). For most modern use, SHA-256 is the default — same algorithm internally, longer output, more security margin. But if you’re maintaining a system that specifies SHA-224 for compliance, or doing 3DES key derivation per FIPS 800-57, this is the algorithm.

Our SHA-224 hash generator uses the browser’s native SubtleCrypto.digest('SHA-224', ...) implementation. Paste text or drop a file — runs entirely on your device. This guide covers SHA-224’s design, when it’s the right pick over SHA-256, and the gotchas with internal state differences.

SHA-224 vs SHA-256 — when each wins

Algorithm	Output	Collision security	Use case
SHA-224	224 bits (56 hex)	112-bit	3DES key derivation, FIPS short-hash mandates
SHA-256	256 bits (64 hex)	128-bit	Default for new systems
SHA-384	384 bits (96 hex)	192-bit	PKI certificates, high-assurance signatures
SHA-512	512 bits (128 hex)	256-bit	Long-lived archives, when SHA-256 isn’t enough

How SHA-224 differs from SHA-256

Both algorithms run the same compression function on 512-bit blocks. The only differences:

Initial hash value (IV): SHA-224 uses a different 8-word starting state. This means truncating the SHA-256 output to 224 bits is not the same as computing SHA-224 — they produce different results.
Output length: SHA-224 returns 7 of the 8 final words (28 bytes); SHA-256 returns all 8 (32 bytes).
Performance: identical — the work is the same, only the IV and truncation differ.

The “different IV” is critical. If you’re verifying a SHA-224 hash, you must compute SHA-224 specifically, not SHA-256-then-truncate. Get this wrong and your hashes never match.

When you’d actually use SHA-224

SHA-224 is uncommon in 2026. Real use cases:

FIPS 800-57 compliance: NIST’s key-management standard sometimes specifies 112-bit security strength, and SHA-224 is the matching SHA-2 family member.
3DES key derivation: 3DES uses 168-bit keys with 112-bit security; SHA-224 produces a hash matching that strength. (3DES itself was deprecated by NIST in 2017 — most systems have moved to AES.)
Federal procurement specs: some old US government RFP / SOW documents specify SHA-224 explicitly. Match the spec; don’t substitute SHA-256.
Bandwidth-constrained protocols: 56 hex characters vs 64 saves a few bytes per message in tight protocols (extremely rare in 2026).

For new code without a specific compliance reason, use SHA-256. The 8 extra hex characters cost nothing and you get 16 more bits of security margin.

How to compute SHA-224 in your browser

Open the SHA-224 generator
Type or paste text — the digest appears live as you type
Or drop a file — bytes are streamed through the browser’s WebCrypto API
Click Copy. Toggle UPPERCASE or lowercase hex output
For HMAC-SHA-224, enter a key in HMAC mode

Code: SHA-224 in JavaScript

async function sha224(text) {
  const buffer = new TextEncoder().encode(text);
  const hash = await crypto.subtle.digest("SHA-224", buffer);
  return [...new Uint8Array(hash)]
    .map((b) => b.toString(16).padStart(2, "0"))
    .join("");
}

// sha224("hello world") returns
// "2f05477fc24bb4faefd86517156daccfa3e6488427d1f0f217f04b6e"

WebCrypto support: Chrome 37+, Firefox 34+, Safari 11+ — universal in 2026. SHA-224 is part of the WebCrypto digest algorithm set since the spec finalised.

Common gotchas

Don’t confuse SHA-224 with truncated SHA-256. SHA-224 has a different IV. sha256(x).substring(0, 56) !== sha224(x). Compute SHA-224 specifically.
UTF-8 encoding before hashing. Same input, different encoding, different hash. Always use UTF-8.
Don’t use for password storage. SHA-224, like other SHA-2 members, is too fast for password storage. Use bcrypt / argon2id with passwords.
Some libraries don’t ship SHA-224. Older crypto libraries (PHP’s hash() pre-7.0, some C libraries) don’t include SHA-224. Verify your destination supports it before specifying.
Length-extension attacks affect SHA-224 too. Like SHA-256, vulnerable to length extension if used as sha224(secret || data). Use HMAC-SHA-224 instead.
If you can choose, choose SHA-256. Only use SHA-224 if a spec mandates it. The 8 extra hex characters are free.

When NOT to use SHA-224

For new systems without compliance requirements: use SHA-256. For password storage: never SHA-224 (or any plain SHA); use bcrypt / scrypt / argon2id. For TLS / X.509 certificates: SHA-256 minimum (SHA-224 isn’t supported by most CAs). For long-lived archives: SHA-512 for the extra security margin. SHA-224 is a niche tool — match it to a specific spec, otherwise pick a sibling.

Frequently asked questions

Is SHA-224 just truncated SHA-256?

No. They share the same compression function but use different initial hash values (IVs). Truncating SHA-256 to 56 hex characters does NOT produce the SHA-224 hash. Compute SHA-224 specifically using the WebCrypto API or a dedicated library.

Should I use SHA-224 instead of SHA-256?

No, unless a spec mandates it. SHA-224 saves 8 hex characters in output but provides 16 fewer bits of collision security. The bandwidth saving is negligible in 2026; SHA-256 is the safer default for new systems.

Why does SHA-224 even exist?

NIST designed it in 2004 for compliance with key-management standards that specify 112-bit security strength — matching legacy systems like 3DES key derivation. Most legacy systems have moved on; SHA-224 is now mostly used in older federal procurement specs.

Is the WebCrypto API support universal?

Yes — SHA-224 has been part of WebCrypto since the spec finalised in 2014. Chrome 37+, Firefox 34+, Safari 11+, Edge 12+. Universal in 2026.

Is my input uploaded?

No. The generator runs the browser’s WebCrypto API. Text and files are processed locally — never sent to our servers.

Can SHA-224 be reversed?

No. Like all SHA-2 hashes, SHA-224 is a one-way function. Given a hash, there’s no method short of brute force to recover the input. Cracking weak inputs (short passwords) involves trying candidates until one matches — defence is using slow algorithms (bcrypt) for passwords.

Related tools and guides

May 5, 2026

SHA-384 Hash Generator: 384-bit Digest [2026]

TL;DR: SHA-384 produces a 384-bit (48-byte / 96 hex character) hash. It’s SHA-512 with a different starting state and a truncated 384-bit output. 192-bit collision resistance — overkill for most uses, but mandated in NSA Suite B / CNSA-compliant cryptography, TLS 1.3 cipher suites, and US government high-assurance systems. Faster than SHA-256 on 64-bit hardware. Our free SHA-384 hash generator uses the browser’s native WebCrypto API.

SHA-384 occupies the same family-niche as SHA-224: a SHA-2 hash with truncated output for compliance reasons. Where SHA-224 is the truncated SHA-256 for legacy 112-bit security, SHA-384 is the truncated SHA-512 for high-security applications that don’t need a full 512-bit hash but want more than SHA-256’s 128-bit collision resistance. Real-world use is concentrated in government and high-assurance crypto:

TLS 1.3: the TLS_AES_256_GCM_SHA384 cipher suite uses SHA-384 in HKDF for key derivation.
NSA Suite B / CNSA: the US National Security Agency’s commercial cryptography spec requires SHA-384 (or SHA-512) for top-secret data classifications.
PKI / X.509 certificates: ECDSA signatures over P-384 curves naturally pair with SHA-384.
Long-lived archive integrity: the extra 64 bits over SHA-256 add comfortable security margin.

Our SHA-384 hash generator uses the browser’s native SubtleCrypto.digest('SHA-384', ...) API — same code path that handles HTTPS certificate verification — and runs entirely on your device. This guide covers when SHA-384 is the right pick, the performance characteristics, and the gotchas with truncation.

SHA-2 family at a glance

Algorithm	Output	Collision security	Performance
SHA-224	224 bits	112-bit	Same as SHA-256
SHA-256	256 bits	128-bit	Slower on 64-bit
SHA-384	384 bits	192-bit	Same as SHA-512 (faster on 64-bit)
SHA-512	512 bits	256-bit	~30% faster than SHA-256 on 64-bit

Why SHA-384 is faster than SHA-256 on modern hardware

SHA-384 uses the SHA-512 compression function — operating on 64-bit words and 1024-bit blocks — and just truncates the output. On a 64-bit CPU each word fits in a single register. SHA-256, despite producing a smaller output, runs on 32-bit words requiring more operations per byte hashed.

Benchmark on a 2024 laptop:

SHA-256: ~600 MB/s
SHA-384: ~880 MB/s (≈47% faster)
SHA-512: ~880 MB/s (same internal work as SHA-384)

Counter-intuitively, picking SHA-384 over SHA-256 for new code can mean both more security and better performance on 64-bit hardware. The trade-off is 32 extra hex characters in output.

When you’d actually use SHA-384

NSA Suite B / CNSA-compliant systems. US government top-secret classification mandates SHA-384 minimum. If you’re in defence / intelligence contracting, this is the spec.
TLS 1.3 with AES-256-GCM. The TLS_AES_256_GCM_SHA384 cipher suite is one of TLS 1.3’s three default suites. Browsers negotiate it automatically; you don’t pick it manually.
PKI signatures with P-384 curves. ECDSA on the NIST P-384 curve naturally pairs with SHA-384 for matching security level.
Compliance frameworks specifying 192-bit security. Some financial regulations (PCI DSS in select profiles), ANSSI guidelines, BSI specs.
Long-lived archive integrity. The 64 extra bits over SHA-256 add margin for hashes verified decades from now.

For most everyday checksums and integrity verification, SHA-256 is the right default — universally supported, established, well-tested. SHA-384 is for compliance-driven cases.

How to compute SHA-384 in your browser

Open the SHA-384 generator
Type or paste text — the digest appears live
Or drop a file — bytes streamed through WebCrypto, no upload
Click Copy. Toggle UPPERCASE / lowercase output
For HMAC-SHA-384, click HMAC mode and paste a key

Common gotchas

SHA-384 is not truncated SHA-512. Like SHA-224 / SHA-256, the truncated variants use different initial hash values. sha512(x).substring(0, 96) !== sha384(x). Always compute SHA-384 specifically.
UTF-8 encoding before hashing. Same input, different encoding, different hash. Use UTF-8.
Don’t use for password storage. SHA-384 is too fast — use bcrypt / scrypt / argon2id for passwords.
HMAC-SHA-384 has different block size. SHA-384 / SHA-512 use 1024-bit (128-byte) blocks; SHA-256 uses 512-bit (64-byte) blocks. HMAC implementations need to use the matching block size — common bug in hand-rolled HMAC code.
Length-extension affects bare SHA-384 too. Use HMAC, not sha384(secret || data).
Some old systems don’t ship SHA-384. Older PHP, older Java, very old C libraries may lack SHA-384. Check support before specifying.

When NOT to use SHA-384

For everyday integrity checks (file checksums, deterministic IDs, message integrity in non-compliance contexts), SHA-256 is the right default — universally supported, smaller output, well-known. For password storage: use bcrypt / scrypt / argon2id; never plain SHA-384. For the longest possible security margin in archive integrity: SHA-512 (full output, same algorithm internally). For TLS 1.3 cipher suite selection: don’t manually pick — let the protocol negotiate. Use SHA-384 specifically when a spec mandates it.

Frequently asked questions

Is SHA-384 stronger than SHA-256?

Yes — 192-bit collision resistance vs SHA-256’s 128-bit. Both are far beyond what’s brute-forceable today; SHA-384 matters when compliance frameworks demand the higher security level (NSA Suite B / CNSA, certain financial standards).

Why is SHA-384 sometimes faster than SHA-256?

SHA-384 uses the SHA-512 compression function, which operates on 64-bit words. On 64-bit CPUs each word fits a single register, giving SHA-384 / SHA-512 a 30–50% throughput advantage over SHA-256. On 32-bit hardware (rare in 2026) the trade reverses.

Is SHA-384 just truncated SHA-512?

Same compression function, different initial hash values (IVs). Truncating SHA-512 to 96 hex characters does NOT produce the SHA-384 hash. Always compute SHA-384 specifically.

Should I use SHA-384 or SHA-512 for new code?

Without a specific compliance reason, SHA-256 is the default. If you need 192-bit collision resistance, SHA-384. If you need 256-bit, SHA-512. Don’t pick SHA-384 over SHA-512 for marginal output-size reasons — both run the same internal work.

Is my input uploaded?

No. The generator runs the browser’s native SubtleCrypto.digest API. Text and files are processed locally — never sent to our servers.

What’s HMAC-SHA-384 and when is it used?

HMAC-SHA-384 is a keyed hash combining a secret key with the SHA-384 algorithm. Used for message authentication where you need to verify both data integrity and that the sender knew the key. Common in JWT signatures (JOSE algorithm HS384) and AWS Signature Version 4 for high-assurance API calls.

Related tools and guides

May 5, 2026

CSS Formatter: Beautify CSS, SCSS, LESS in Browser [2026]

TL;DR: A CSS formatter (or “CSS beautifier”) reformats minified, copied, or messy CSS into consistently-indented, readable rules. Use it on copied CSS from a CDN, AI-generated styles, or styles dumped from DevTools. Our free CSS formatter uses Prettier 3 in your browser with full support for modern CSS — custom properties, native nesting, container queries, @layer, OKLCH — plus SCSS, LESS, and PostCSS.

Reading minified CSS is a productivity tax. Tailwind’s compiled stylesheet is one giant line; a copied snippet from CodePen often arrives as a single rule with no breaks; CSS dumped from DevTools’ “Copy all declarations” comes back without the selectors that gave each rule meaning. A formatter restores hierarchy: each rule on its own line, properties indented, @media blocks visible at a glance.

Our CSS formatter runs Prettier 3 in your browser with the same parser used by VS Code’s “Format Document” command. It handles plain CSS, SCSS, LESS, PostCSS, and modern CSS features (CSS variables, native nesting, :has(), container queries, @layer, OKLCH, color-mix()). Outputs clean, idiomatic CSS that round-trips through any tool. This guide covers when to format vs minify, the SCSS-specific rules, and the gotchas with copied browser DevTools styles.

Prettier CSS options that matter

Option	Default	Notes
`printWidth`	80	Affects wrapping of long selectors and value lists
`tabWidth`	2	Standard for modern CSS; 4 for legacy stacks
`singleQuote`	false	Strings in `url()` and `content:` values
`endOfLine`	“lf”	“crlf” only for Windows-only repos
Property sort	off	Optional — alphabetical, or by Idiomatic CSS groupings

Prettier’s CSS formatter is deliberately small on options. Modern CSS toolchains add property sorting via separate plugins — stylelint-config-prettier + stylelint-order — rather than baking it into the formatter.

SCSS, LESS, and PostCSS

The same Prettier engine handles three preprocessor dialects:

SCSS: nested selectors, @mixin, @include, @if/@else, @function, dollar-prefixed variables. Indentation follows nesting depth.
LESS: mixins as classes, @variable syntax, guards. Slightly different rules than SCSS.
PostCSS: raw CSS plus plugin-specific syntax. Prettier formats whatever is valid CSS-AST — plugin syntax (e.g., @apply from Tailwind) passes through.

Pick the parser explicitly when auto-detection fails. .scss file extension defaults to SCSS; .less defaults to LESS; .css defaults to plain CSS. Paste-mode without an extension defaults to plain CSS, which can produce odd output for SCSS code (mixin syntax becomes invalid CSS).

How to format CSS in your browser

Open the CSS formatter
Paste your CSS or drop in a .css/.scss/.less file
Pick the parser if auto-detect doesn’t catch it
Adjust print width and indent style if needed
Click Format — output appears with syntax highlighting
Copy or download as .css

Modern CSS that older formatters break

Older CSS beautifiers (cssbeautify, online-beautify) corrupt several modern features:

Native nesting: .card { .title { color: red; } } — older formatters flatten or fail to parse. Prettier handles nesting correctly.
Container queries: @container (width > 400px) { … } — preserved with all syntax variants.
:has() selector: the parent selector is preserved without quote-mangling.
OKLCH and color-mix(): new colour formats pass through unchanged.
@layer: cascade layer ordering is preserved exactly — never reordered, since order has semantic meaning.
CSS custom properties: long fallback chains (var(--a, var(--b, red))) are preserved verbatim.

Common gotchas

Tailwind utility class output is not formatted. Tailwind generates a flat list of single-rule classes; formatting won’t help. Format your custom CSS only — let Tailwind manage its own output.
DevTools “Copy all declarations” loses selectors. The clipboard gets color: red; padding: 8px; with no .btn { … } wrapper. Format won’t recover the selector — re-copy with the selector context.
Property order is preserved by default. CSS cascade-sensitive code relies on order for shorthand-then-override patterns (margin: 0; margin-top: 8px;). Don’t enable property sorting if you have that pattern.
SCSS @mixin formatting is opinionated. Prettier always inlines short mixin calls; long ones wrap. Your style guide may differ. Override locally with // prettier-ignore comments above specific blocks.
Don’t format minified CSS and re-deploy. Format your source files; let your build step minify the output. Formatted production CSS is 30% bigger and slower.
Older Prettier versions handle modern CSS poorly. Always use Prettier 3+ for native nesting, container queries, and the OKLCH colour space. Prettier 2.x will silently produce wrong output for these.

When NOT to use a browser CSS formatter

For a real codebase, install Prettier locally (npm i -D prettier), commit a .prettierrc, and let editors format on save. That eliminates style drift across collaborators. Use this browser tool for one-off snippets, copy-paste from CodePen / DevTools / AI assistants, third-party stylesheets you need to inspect, and quick previews of how Prettier would render styles in a project that doesn’t have it set up yet. For Stylelint integration, install stylelint-config-prettier alongside Prettier locally.

Frequently asked questions

Does this support SCSS, LESS, and PostCSS?

Yes. Prettier 3 handles plain CSS, SCSS, LESS, and PostCSS. Auto-detection picks the parser from the file extension; you can override manually for paste-mode (file extension is unknown).

Will the formatter sort my properties alphabetically?

Not by default. Prettier preserves property order — important because some CSS relies on order for shorthand-then-override patterns. Property sorting is a separate Stylelint plugin (stylelint-order); install it locally if you want sorted output.

Does it support modern CSS features like nesting and container queries?

Yes. Prettier 3 handles native CSS nesting, container queries, :has(), @layer, OKLCH, color-mix(), and relative-colour syntax. Older formatters break these — always use Prettier 3+ for modern stylesheets.

Can I unformat (minify) CSS with this tool?

No — opposite operations. For minification, use the CSS Minifier. The typical pipeline: format while editing, minify before deploying.

Is my CSS uploaded?

No. Prettier runs in your browser via WebAssembly. Stylesheets never reach our servers — useful for proprietary or pre-release styles.

Why does my SCSS look wrong after formatting?

Most likely the parser was set to plain CSS instead of SCSS. SCSS-specific syntax (@mixin, @include, dollar variables) is invalid CSS. Switch the parser to SCSS and reformat.

Related tools and guides

May 4, 2026

JavaScript Formatter: Beautify JS with Prettier [2026]

TL;DR: A JavaScript formatter (also called a beautifier) reformats messy or minified JS into consistently-indented, readable code. Our free JavaScript formatter runs Prettier 3 in your browser — the same engine 80%+ of professional JS teams ship — with full TypeScript and JSX support, configurable print width, semis, and quote style. No upload, paste any size.

Inconsistent formatting is the silent productivity tax of every codebase. Two engineers who disagree about semicolons or trailing commas will spend more time arguing about diffs than fixing bugs. The industry settled this argument in 2017 when Prettier shipped: pick a config once, run the formatter on save, and the rest is mechanical. By 2026, Prettier is the default formatter in VS Code, the default in Next.js / Remix / Vite scaffolds, and a hard requirement on most engineering teams.

Our JavaScript formatter runs Prettier 3 in your browser via WebAssembly. It handles JavaScript (ES2024), TypeScript, JSX, TSX, JSON, and Markdown code blocks. Use it to beautify a one-liner you copied from a build output, to reformat code from a tutorial that uses different indentation than your project, or to apply Prettier without installing anything. This guide covers every option, the differences vs Beautify.js, and when to use a formatter vs a minifier.

Prettier options that matter (and the defaults to start with)

Option	Default	When to change
`printWidth`	80	100 or 120 if your team uses wide monitors
`tabWidth`	2	4 only if you write Java/C# style or for accessibility
`useTabs`	false	true for accessibility (screen readers can adjust width)
`semi`	true	false if your team writes Standard JS / no-semi style
`singleQuote`	false	true for most codebases (preferred by Airbnb / Standard)
`trailingComma`	“all”	“es5” if targeting old browsers (rare in 2026)
`bracketSpacing`	true	false to compress (against the Prettier philosophy)
`arrowParens`	“always”	“avoid” if your style guide forbids parens around single arrow args

The defaults are deliberately opinionated. Prettier’s design philosophy is “you don’t get to choose 30 micro-options” — pick a print width and a quote style and stop bikeshedding. Most teams adjust at most 3 fields.

Prettier vs Beautify.js vs ESLint –fix

Prettier: opinionated, fast, only handles formatting (no logic). Makes formatting a non-decision.
Beautify.js: the older formatter (jsbeautify). More configurable, less consistent. Still acceptable for one-off cleanup but hasn’t been the team standard since 2018.
ESLint –fix: a linter that can reformat. Powerful but slower than Prettier and requires you to author the rules. Most teams run ESLint and Prettier — Prettier handles whitespace, ESLint handles correctness (unused vars, missing await).
Editor-only: VS Code’s built-in formatter is OK for ad-hoc edits but doesn’t enforce a project-wide style.

Use Prettier for production code; use this browser tool for one-off snippets where installing Prettier locally is overkill.

How to format JavaScript in your browser

Open the JavaScript formatter
Paste your code (works for JS, TS, JSX, TSX, JSON)
Pick parser (auto-detect usually works) and adjust print width, semis, quotes
Click Format — output appears with syntax highlighting
Click Copy or Download

TypeScript and JSX formatting (the parser matters)

Prettier auto-detects in most cases, but ambiguity is real: <Foo>bar</Foo> is JSX in a .jsx file and a TypeScript type assertion in a .ts file. Tell the formatter explicitly which parser to use:

babel — JS with JSX (default for most React code)
typescript — TS without JSX
babel-ts — TS with JSX (TSX files)
json — JSON / JSON5 / package.json
flow — Facebook’s Flow type annotations (declining usage)

Picking the wrong parser produces silent failures — Prettier returns the input unchanged. If formatting “did nothing”, switch the parser.

Common gotchas

Don’t format generated code. If a file ends in .min.js, don’t re-format it — variable names are mangled, formatting won’t recover them, and you’ll bloat your repo with un-debuggable output.
Prettier won’t fix logic. Missing semicolons in ASI-trap positions (return\n[1,2,3]) get a semicolon inserted — the code’s behaviour stays “broken”. Use ESLint’s no-unreachable for those.
Magic strings inside string templates aren’t formatted. Code inside template literals (`code goes here`) is treated as a string. To format embedded code, extract it.
JSON allows trailing commas only with parser “json5”. Standard JSON doesn’t permit them. The default json parser strips trailing commas.
Prettier 3 changed defaults from Prettier 2. trailingComma default went from "es5" to "all". If you regenerate a file with v3 and check it in, expect comma-only diff noise.
Auto-format on save can fight version control. If two devs use different Prettier versions, every save generates noise. Pin a version with "prettier": "3.x" in your package.json and commit the .prettierrc.

When NOT to use a browser formatter

For a real codebase, install Prettier locally (npm i -D prettier), commit a .prettierrc, and configure your editor to format on save. That gives every collaborator the same output and removes formatting from code review entirely. Use this browser tool for one-off snippets, code from a tutorial that disagrees with your style, copy-paste from build logs, or quick previews of how Prettier would render code in a project that doesn’t have it set up yet.

Frequently asked questions

Does this support TypeScript and JSX?

Yes. The formatter ships Prettier 3 with all the standard parsers: babel (JS+JSX), typescript (TS), babel-ts (TSX), json, and flow. Auto-detect picks the right parser from the file extension when you upload, or you can override the parser manually for paste-mode.

Can I save my Prettier config?

Settings persist in your browser’s localStorage between sessions. There’s also a “Copy as .prettierrc” button that exports your settings as a JSON file ready to drop into a project root.

What’s the difference between formatting and minifying?

Opposite jobs. Formatting adds whitespace and indentation for readability (build-time → editor view). Minifying removes whitespace and renames variables to shrink file size (editor → build → CDN). Use a formatter while you’re writing code; use a minifier as the last step before deploy.

Can I format minified code back into readable code?

Partially. Whitespace and indentation are restored; structure is recovered. But variable names that were mangled to a, b, c stay mangled — that information is gone unless you have the original source map. Use this for “what does this function do?”-grade reverse engineering, not for full source recovery.

Is my code uploaded?

No. Prettier runs in your browser via WebAssembly. Code is never uploaded to our servers — safe for proprietary, pre-release, or sensitive code.

What’s the size limit?

Effectively your browser’s available memory. Prettier handles files of several MB without trouble; very large files (10K+ lines) can take 2–5 seconds. For batch formatting of many files, use Prettier locally via npx prettier --write instead.

Related tools and guides

May 4, 2026

JavaScript Minifier: Shrink JS 60–70% in Browser [2026]

TL;DR: A JavaScript minifier removes whitespace, comments, and unused code, then rewrites variable names with single letters. Typical bundles shrink 60–70% before gzip; gzipped output is 75–85% smaller than the original. Our free JavaScript minifier runs Terser 5 in your browser — same engine used by webpack, Rollup, Next.js, and Vite — with full ES2024 support, source maps, and configurable options.

Minifying JavaScript is the cheapest performance win in a web project. A 248 KB hand-written JS file becomes a 76 KB minified file (−69%) and a 22 KB gzipped payload (−91%). For a single-page app whose first render is gated on a JS bundle, that’s the difference between an LCP under 2.5 seconds and a sluggish first paint. Build tools like webpack, Vite, and Next.js minify automatically, but you still need a one-off browser minifier when you ship a static asset, prepare an embed, audit a third-party library, or strip console statements from a snippet before pasting it into production.

Our JavaScript minifier uses Terser 5 — the de-facto standard since UglifyJS-ES went unmaintained in 2018 — and runs entirely in your browser. ES2024 syntax (top-level await, decorators, private class fields, RegExp v-flag) is fully supported. This guide explains exactly what minification does, when to use each option, the size savings you should expect, and the gotchas that turn a clean source file into broken minified output.

What minification actually does (and doesn’t)

Transformation	Savings	Risk?
Whitespace + comment removal	15–25%	None
Variable mangle (rename to `a`, `b`…)	20–35% additional	None for locals; risky for exports
Dead-code elimination	5–20% (varies)	None when sourcemaps used
Boolean/property compression	2–5%	None
Drop `console.*` statements	1–3%	Loses debug visibility
Property mangle (`obj.foo` → `obj.a`)	10–20% additional	High — breaks JSON/runtime keys

The default Terser preset gives you the first 5 transforms safely. Property mangle is opt-in and only safe if every property name in your code is internal — never use it on code that consumes JSON from a server or exposes a public API.

Realistic file-size expectations

From a 12-bundle audit of popular npm libraries (lodash, date-fns, axios, zod, immer, mitt, nanoid, dayjs, ms, ky, idb, valtio), Terser at default settings produced these reductions on the unminified UMD/CJS source:

Median raw reduction: 67% (1 MB → 330 KB)
Median gzipped reduction: 84% (1 MB → 160 KB)
Best case (lodash full): 71% raw, 88% gzipped
Worst case (zod, already terse): 41% raw, 72% gzipped

Roughly: minification halves the size; minification + gzip removes 80–90%. If a file is already minified (filename ending in .min.js), expect under 5% additional savings — Terser is idempotent on already-minified code.

How to minify JavaScript in your browser

Open the JavaScript minifier
Paste your code or drop in a .js file (up to several MB)
Pick options: Mangle, Compress, Drop console, Source map
Click Minify — output appears with before/after sizes
Click Copy or Download .min.js (and .map if source maps are enabled)

Source maps: why you should always generate one

A source map (.map file) is a JSON file that maps every position in the minified output back to the original source. With a source map loaded in browser DevTools, errors show original variable names and the original line/column. Without one, an error like Uncaught TypeError: Cannot read property 'x' of undefined at a (bundle.min.js:1:24871) is unactionable.

Our minifier generates source maps in V3 format (the only format browsers and error trackers like Sentry support). Two options: external (separate .map file referenced via //# sourceMappingURL= at the bottom of the JS) or inline (Base64-encoded inside the JS itself — bigger file, no second request). Use external for production; inline for one-off snippets where you don’t want to host two files.

Common gotchas

Don’t mangle property names by default. The Terser mangle.properties option renames obj.userName to obj.a. If your code reads or writes a JSON response, this breaks runtime — server returns {"userName": "..."} but your minified code looks for obj.a.
Always produce sourcemaps for production. Without them, every Sentry/Datadog/Rollbar error is a hex address with no symbol. Upload .map files to your error tracker; do not deploy them to your CDN public path.
Drop console for production only. The drop_console option strips all console.* statements — including console.error in catch blocks. If you rely on those for production diagnostics, use pure_funcs: ['console.log', 'console.debug'] to keep error and warn.
Comments matter for licences. By default Terser drops every comment. Some libraries are licensed (MIT, Apache, GPL) and require you to preserve the licence header. Use the /* @preserve */ or /*! ... */ annotation, or set Terser’s format.comments to 'some'.
Top-level await disables some optimisations. Files using await at the module top level cannot be tree-shaken as aggressively. Bundle splitters often produce a separate chunk for these modules.
Don’t minify twice. Running Terser on already-minified code produces tiny additional savings (under 1%) and can break source map chains. Only minify once, at the build-final stage.

When NOT to use a browser minifier

If you have a build pipeline (webpack, Vite, esbuild, Next.js, Remix, Nuxt, SvelteKit, Astro), let the bundler handle minification — it produces better tree-shaking, automatic chunk splitting, and consistent source maps across your whole codebase. Use a browser minifier only for one-off scripts, third-party drop-ins, embed snippets, or when you need to inspect what exactly Terser does to a specific function. For Node.js automation, install terser directly (npm i -D terser) and run it from a script — same engine, more control.

Frequently asked questions

Is Terser safe to use on modern ES2024 syntax?

Yes. Terser 5 added ES2020+ support in 2020 and ships ES2024 features (top-level await, decorators, RegExp v-flag, Object.hasOwn, Array grouping). The minifier reads the source as the latest ECMA spec by default. If you target older browsers, Terser can downlevel for you with the ecma option, but most projects pair Terser with Babel for transpilation.

How much does gzip add on top of minification?

About another 50%. A 76 KB minified file gzips to roughly 22 KB. Brotli (used by most CDNs since 2019) shrinks another 8–15% beyond gzip. Always serve .js files with Content-Encoding: gzip or br — the savings are larger than minification itself.

Will minification change how my code runs?

Functionally, no — Terser is conservative by default. Two edge cases to watch: Function.prototype.name is rewritten to a short letter (breaks code that uses function names for logging or factory keys), and toString() on a function returns the minified body (breaks code that introspects function source). Both are rare; document them if your code relies on them.

Can I unminify or beautify minified code?

Partially. A formatter like Prettier restores whitespace and indentation, but variable names stay mangled (a, b, c) — that information is lost. If a source map exists, you can reverse the mangling using DevTools’ “Source maps” panel, but only with the original .map file.

Is my code uploaded?

No. The minifier runs Terser entirely in your browser via WebAssembly. Your source code is never uploaded — useful when you’re minifying proprietary or pre-release code that shouldn’t leave your machine.

What’s the size limit for the input?

Effectively your browser’s available memory. Terser has minified single files of 10+ MB in our testing on a laptop. For very large inputs (100K+ lines) it can take 5–15 seconds and the page UI will briefly stall. The output streams as soon as parsing completes.

Related tools and guides

May 4, 2026

HTML Minifier: Compress HTML Safely in Browser [2026]

TL;DR: An HTML minifier removes whitespace, comments, redundant attribute quotes, and (optionally) minifies inline <style> and <script> blocks. Typical pages shrink 20–35% pre-gzip. Use it on static pages, email templates, and AMP documents — but skip it on server-rendered HTML where bytes matter less than build complexity. Our free HTML minifier runs html-minifier-terser in your browser with safe defaults you can override.

HTML is the easiest place to leave bytes on the floor. Hand-authored markup carries indentation, comments, optional closing tags (</li>, </p>), and quoted attributes that could be unquoted. A 112 KB hand-written page minifies to 78 KB (−30%); add gzip and you’re at roughly 18 KB on the wire. For a marketing landing page or an email template that ships unchanged for months, those savings compound across every visit.

Our HTML minifier wraps html-minifier-terser — the de-facto Node.js engine since 2017 — and runs it entirely in your browser. It minifies inline CSS via csso and inline JS via Terser, both included. This guide covers what’s safe to strip, what to leave alone, and the gotchas that turn perfectly valid HTML into broken markup.

What HTML minification removes (and the size impact)

Transform	Example	Savings
Collapse whitespace	Indentation between tags	10–25%
Remove comments	`<!-- ... -->`	2–8%
Drop optional tags	`</li>` at end of `<li>`	1–3%
Unquote attributes	`id="x"` → `id=x`	1–2%
Drop redundant attrs	`type="text"` on `<input>`	<1%
Boolean attribute collapse	`disabled="disabled"` → `disabled`	<1%
Minify inline CSS	csso on `<style>` blocks	3–10% (depends on CSS)
Minify inline JS	Terser on `<script>` blocks	3–8% (depends on JS)

Safe vs aggressive: which options to enable

html-minifier-terser exposes about 30 boolean flags. Most are safe; a handful change rendering or break edge cases. Our default preset turns on these safe options:

collapseWhitespace — strip indentation between tags. Won’t collapse whitespace inside <pre>, <textarea>, or content marked with white-space: pre.
removeComments — strip . Preserves IE conditionals (.
removeRedundantAttributes — drops type="text", method="get", etc.
collapseBooleanAttributes — checked="checked" → checked.
minifyCSS + minifyJS — minify inline blocks.

Options to enable only with care:

removeOptionalTags — drops </li>, </p>, </td>. Valid HTML5 but breaks XML-strict tooling and some legacy parsers.
removeAttributeQuotes — saves a few bytes but breaks if an attribute value contains spaces or special characters.
conservativeCollapse — preserves a single space at edges where collapsing might affect rendering. Safer but smaller savings.

How to minify HTML in your browser

Open the HTML minifier
Paste your HTML or drop in an .html file
Pick the preset: Safe (default), Aggressive, or Email-template-safe
Click Minify — output appears with before/after sizes
Copy or download as .min.html

Email-template gotchas

HTML emails are the wild west: Outlook 2016 still parses HTML4 with quirks, Gmail strips <style> blocks under certain conditions, and Apple Mail rendering disagrees with iOS Mail in subtle ways. Aggressive minification breaks emails in ways that don’t show up in DesktopGmail but break in Outlook. Use the Email-template-safe preset, which:

Keeps all attribute quotes (Outlook chokes on unquoted)
Preserves IE conditional comments (<!--[if mso]>)
Doesn’t drop optional tags
Doesn’t minify inline CSS (some clients require expanded CSS)
Preserves <!--[if !mso]> and mso-* proprietary attributes

Test minified email templates with Litmus or Email on Acid before sending; visual inspection in Gmail web won’t catch Outlook breakage.

Common gotchas

Whitespace inside <pre> and <textarea> is significant. Minifiers preserve it by default; verify your output if you’ve added unusual elements with white-space: pre styling.
Inline templates (Vue, Handlebars, JSX) can break. Whitespace between adjacent text nodes carries meaning in some templating languages. Minify the rendered output, not the template source.
Attribute order changes. Some minifiers reorder attributes alphabetically. If you have CSS or JS that depends on attribute order (rare but real), turn that off.
JSON-LD inside <script type="application/ld+json"> is preserved. Minifiers shouldn’t touch JSON-LD content, but a buggy minifier may strip its leading whitespace and break parsing. Verify schema validates after minifying.
Don’t minify HTML you’ll edit later. Minified HTML is unreadable. Keep the source, generate the minified output as a build artefact, and never commit minified HTML to your repo unless that’s your only deployment artefact.
Multi-byte characters get corrupted by some legacy minifiers. html-minifier-terser handles UTF-8 correctly. Older “html-tidy” tools strip emoji and non-Latin characters silently.

When NOT to use a browser HTML minifier

For server-rendered apps (Next.js, Nuxt, Remix, SvelteKit, Astro), HTML minification is automatic in production builds. For static site generators (Eleventy, Hugo, Jekyll), it’s a single config flag. For email templates, install html-minifier-terser locally and run it as part of your build with the email-safe preset baked in. Use this browser tool for one-off pages, snippets pasted from a CMS, AMP pages prepared by hand, and email templates you edit visually.

Frequently asked questions

Is minified HTML still valid?

Yes — html-minifier-terser produces valid HTML5. Even with optional-tag removal, the output passes the W3C validator. The exception is removeAttributeQuotes, which produces non-quoted attribute values that some old browsers (IE6/7) don’t handle correctly. Stick to the safe preset for maximum compatibility.

How much will gzip add on top of HTML minification?

Roughly another 60–70%. A 78 KB minified HTML file gzips to about 22 KB. HTML compresses extremely well because of repeated tag names and attribute values. Always serve .html with Content-Encoding: gzip or br.

Will minification break my Schema.org JSON-LD?

No — html-minifier-terser preserves <script type="application/ld+json"> contents intact. The JSON inside is passed through unchanged. If your schema breaks after minifying, the issue is elsewhere — usually whitespace stripping outside the script tag concatenating two adjacent script blocks.

Can I minify HTML emails for Mailchimp or SendGrid?

Yes, but use the email-template-safe preset. Modern email clients tolerate minified HTML, but Outlook 2016 and earlier choke on unquoted attributes and missing optional tags. Test in Litmus before sending.

Is my HTML uploaded?

No. The minifier runs in your browser via WebAssembly. Pasted markup never reaches our servers — useful when minifying pre-release pages, internal docs, or email templates with proprietary content.

What’s the difference between an HTML minifier and a CSS minifier?

HTML minifiers strip whitespace and tags from markup; CSS minifiers strip whitespace and shorten selectors inside stylesheets. Our HTML minifier also minifies inline <style> and <script> blocks, so for a single HTML file with embedded CSS/JS, one pass through the HTML minifier handles everything.

Related tools and guides

May 4, 2026

Base64 Encoder Decoder: Text & Files in Browser [2026]
TL;DR: A Base64 encoder/decoder converts arbitrary binary or text data to and from a 64-character ASCII representation safe to embed in URLs, JSON, email, and source code. Text and small files encode in your browser via our free Base64 tool. Use the URL-safe variant (replaces + and / with - and _) for tokens that ride through query strings.

Base64 is everywhere: data URIs (data:image/png;base64,iVBOR…), email attachments (MIME), JWT tokens, SAML assertions, OAuth flows, the Authorization header in HTTP basic auth, embedded SVG icons in CSS, X.509 certificates wrapped in PEM. It’s not encryption — anyone can decode it — it’s a transport-safe encoding that lets binary data ride through systems that only accept ASCII text. Every developer needs to encode or decode Base64 several times a week, and most reach for an online tool because the language built-ins are awkward.

Our Base64 encoder/decoder handles text and binary files entirely in your browser — no upload, no server roundtrip. URL-safe variant supported. This guide explains what Base64 actually does, when each variant matters, the security non-confusion (Base64 is not encryption), and the workflows that drive most “base64 encoder online” searches.

What Base64 actually does

Base64 takes 3 bytes (24 bits) of input and represents them as 4 ASCII characters (each carrying 6 bits of information, drawn from a 64-character alphabet of A-Z, a-z, 0-9, plus + and /). The 64th character (technically the 65th — =) is padding when the input length isn’t a multiple of 3. The result is always 4/3 the size of the input — a 30 KB image becomes 40 KB of Base64 text.
- Standard Base64: uses A-Z a-z 0-9 + /. Output may include = padding. Right for email, MIME, most binary-in-text contexts.
- URL-safe Base64: replaces + with - and / with _. Right for tokens, query strings, filenames — anywhere + and / have other meanings.
- Base64 with padding stripped: some systems (JWT tokens, OAuth) strip the trailing = padding because it’s redundant when the length is known. The decoder needs to handle both padded and unpadded inputs.
Five common Base64 use cases
- Data URIs in CSS or HTML. Inline a small icon or font in your stylesheet to avoid an extra HTTP request: background: url("data:image/svg+xml;base64,PHN2…"). Best for assets under 4-8 KB.
- HTTP Basic Auth. The Authorization: Basic {base64(username:password)} header. Encoded, not encrypted — always pair with HTTPS.
- JWT token payloads. Each segment of a JWT is URL-safe Base64. Decoding reveals the header, claims, and signature without verifying authenticity.
- Email attachments (MIME). Email transports text only; Base64 encodes binary attachments for transport.
- Storing binary data in JSON. JSON has no native binary type. Base64 wraps the bytes as a string field.
How to use the browser Base64 tool
1. Open the Base64 encoder/decoder
2. Pick a mode: Encode (text/file → Base64) or Decode (Base64 → text/file)
3. For text: paste into the input area; the result appears live
4. For files: drop a file into the file panel — the encoded Base64 appears immediately, with a copy button
5. Toggle URL-safe variant if you need to embed the result in a URL or JWT-style context
6. Click Copy or Download. Decoded files download with their original or detected MIME type
All operations run in your browser via the standard btoa / atob primitives plus modern TextEncoder for Unicode handling.

Base64 in code — every common language
```
// JavaScript (browser)
btoa("Hello, world!");                    // "SGVsbG8sIHdvcmxkIQ=="
atob("SGVsbG8sIHdvcmxkIQ==");             // "Hello, world!"

// JavaScript (Node) — Buffer is the standard
Buffer.from("Hello, world!").toString("base64");
Buffer.from("SGVsbG8sIHdvcmxkIQ==", "base64").toString();

// Python
import base64
base64.b64encode(b"Hello, world!").decode()      # "SGVsbG8sIHdvcmxkIQ=="
base64.b64decode("SGVsbG8sIHdvcmxkIQ==").decode()

# URL-safe variant
base64.urlsafe_b64encode(b"data?with/special").decode()

// Bash
echo -n "Hello, world!" | base64                  # SGVsbG8sIHdvcmxkIQ==
echo "SGVsbG8sIHdvcmxkIQ==" | base64 -d           # Hello, world!

// Go
import "encoding/base64"
base64.StdEncoding.EncodeToString([]byte("Hello"))
base64.URLEncoding.EncodeToString([]byte("Hello"))
```
Common Base64 mistakes
- Confusing Base64 with encryption. Base64 is reversible by anyone — it’s not security. Sensitive data in Base64 is sensitive data in plaintext. Use TLS, encryption (AES, RSA), and hashing (SHA-256) for actual security.
- Mixing standard and URL-safe variants. A token encoded URL-safe (-_) won’t decode with a standard decoder (expecting +/). Both your encoder and decoder must use the same variant.
- Forgetting Unicode encoding. JavaScript’s btoa only handles Latin-1 characters by default. For Unicode strings, encode to UTF-8 first: btoa(unescape(encodeURIComponent(str))) or use TextEncoder.
- Inlining huge images as data URIs. A 500 KB image becomes 670 KB of Base64 — bloats your HTML/CSS, slows initial render. Use data URIs only for assets under ~8 KB.
- Padding handling. Some systems strip the trailing = from Base64 (notably JWT). Decoders must handle both forms or pad inputs to a multiple of 4 before decoding.
When NOT to use Base64
- For storing passwords or secrets. Use proper hashing (Argon2id, bcrypt) for passwords. Base64 of a password protects nothing.
- For very large files. Base64 inflates size by 33%. Send binary data via multipart/form-data or direct binary uploads instead.
- For data already URL-safe. If your text is already ASCII without special characters, Base64 just bloats it. Plain text passes through URL params fine after URL-encoding.
- As a checksum. Base64 doesn’t detect corruption. Use SHA-256 for integrity verification.
Frequently asked questions

Is Base64 encryption?

No. Base64 is encoding, not encryption. Anyone can decode Base64 instantly without a key. It’s the wrong tool for keeping data secret. Use real encryption (AES-GCM, RSA, libsodium) for confidentiality.

What’s the difference between Base64 and URL-safe Base64?

Standard Base64 uses + and / in its alphabet. These have special meanings in URLs and filenames, so URL-safe Base64 substitutes - for + and _ for /. JWT tokens, OAuth, and most modern API tokens use the URL-safe variant.

Why does Base64 add 33% size?

Three input bytes (24 bits) become four output characters, each storing 6 bits — a 4:3 ratio. The math is fundamental to representing 8-bit data in a 6-bit-per-character alphabet, plus padding. Total inflation is exactly 4/3 of the input.

Can I encode a file with the browser tool?

Yes — drop any file into the file panel. The browser reads it via the FileReader API, encodes locally, and shows the Base64 with a copy button. No upload. Works for files up to roughly 100 MB before browser memory becomes the bottleneck.

What’s the maximum size for a data URI in CSS?

Practically ~8 KB for a single asset. Beyond that, the bloat to your CSS/HTML outweighs the saved HTTP request. For larger assets, serve as a regular file and let HTTP/2 multiplex the request — modern browsers handle parallel asset loading efficiently.

Is my data uploaded when I use the tool?

No. The tool uses browser-native btoa/atob and FileReader API for files. All processing is local. Verify in DevTools Network tab — there are no requests when you encode or decode.

Related tools and guides
May 4, 2026

CSS Minifier: Shrink Stylesheets 30–45% in Browser [2026]

TL;DR: A CSS minifier strips whitespace and comments, shortens colour values (#ffffff → #fff), merges duplicate @media blocks, and removes redundant rules. Typical stylesheets shrink 25–45% before gzip; gzipped they shrink 75–85% from raw. Our free CSS minifier runs csso in your browser with full support for modern CSS — custom properties, nesting, container queries, @layer, OKLCH colours.

CSS is render-blocking by default. Until the browser downloads, parses, and applies your stylesheet, the page can’t paint a single pixel. Every kilobyte of CSS in the critical path adds latency. Minification is the cheapest fix: a 84 KB stylesheet with comments and indentation becomes a 52 KB minified file (−38%) and a 12 KB gzipped payload (−86%). For a Tailwind-based site that ships 200 KB of utility CSS, that’s a difference users notice on a 4G connection.

Our CSS minifier uses csso (the engine behind Yandex’s stack) with optional clean-css fallback for legacy edge cases. It handles modern CSS — CSS variables, native nesting, container queries, @layer, the OKLCH colour space, and the new :has() selector — without breaking syntax. Paste any size, get instant minified output, and download or copy. This guide covers what minification does to CSS specifically, the size savings to expect, and the gotchas that turn a working stylesheet into a broken one.

What CSS minification actually does

Transform	Example	Savings
Whitespace + comments	remove all `/* … */` and indentation	15–30%
Hex shortening	`#ffffff` → `#fff`	2–4%
Zero unit drop	`0px` → `0`	1–2%
Leading zero drop	`0.5em` → `.5em`	<1%
Shorthand collapse	`margin: 0 0 0 0` → `margin: 0`	1–3%
Selector dedupe	merge two `.btn{...}` rules	2–8%
`@media` merge	two identical media queries → one block	3–10%
Property merge	`border-top:0;border-right:0` → `border:0`	1–4%

Total typical reduction: 25–45%. Hand-written stylesheets shrink more (lots of whitespace and comments); pre-minified frameworks shrink less (already optimised). Tailwind output, post-PurgeCSS, typically shrinks another 15–25% with csso on top.

Modern CSS that minifiers used to break

Older minifiers (clean-css 3.x and YUI Compressor) corrupt modern CSS in several ways. csso handles all of these correctly:

CSS custom properties: --brand: #635BFF values and var() references are preserved exactly. Old minifiers stripped fallbacks.
Native nesting: .card { .title { } } is preserved (modern browsers parse it natively without a preprocessor).
Container queries: @container (width > 400px) { … } is preserved with all syntax variants.
OKLCH and color-mix(): new colour formats are passed through; csso doesn’t try to “shorten” them since the format is already minimal.
:has() selector: the parent selector is preserved without quote-mangling.
@layer: cascade layer ordering is preserved exactly — never reordered.

How to minify CSS in your browser

Open the CSS minifier
Paste your CSS or drop in a .css file
Pick the engine: csso (default) or clean-css (legacy)
Toggle options: dedupe selectors, merge @media, restructure (aggressive)
Click Minify. Output appears with before/after sizes
Copy or download as .min.css

Common gotchas

“Restructure” is opt-in for a reason. The aggressive csso option reorders selectors that look equivalent. If your CSS relies on cascade order (later rules override earlier ones), restructuring can change which rule wins. Test the minified output visually before deploying.
Don’t minify a CSS file that’s imported with @import in another file. Some minifiers inline imports; csso doesn’t by default. Bundle first (PostCSS / esbuild), minify the output.
Vendor prefixes are preserved. Don’t expect minification to remove -webkit- prefixes — the minifier doesn’t know which browsers you target. Use Autoprefixer to add/strip prefixes based on your browserslist.
Source maps are essential for production debugging. Without them, every DevTools error points at line 1 column 240. Generate a .map alongside the minified file.
Don’t minify already-minified files. Files ending in .min.css rarely shrink more than 1–2% on a second pass. Skip them.
Critical CSS extraction is a different job. Minification reduces the size of all your CSS. Critical CSS extraction inlines only the rules needed for above-the-fold content. Use a tool like Critters or Penthouse for that.

When NOT to use a browser CSS minifier

If your build pipeline already includes Vite, Next.js, esbuild, Webpack, or Parcel, CSS minification is built in — you don’t need a separate tool. Use this browser minifier for one-off pages built without a build system, third-party stylesheets you’re embedding, snippets pasted into a CMS that doesn’t have a build step, or to inspect what csso does to a specific block of CSS. For Node automation, install csso directly (npm i -D csso-cli) and run it from a script.

Frequently asked questions

How much does gzip add on top of CSS minification?

About 50% additional. A 52 KB minified CSS file gzips to roughly 12 KB. Brotli (modern CDN default) shrinks 8–15% beyond gzip. CSS responds especially well to compression because of repeated property names — always serve .css with a Content-Encoding header.

Will minification break my Tailwind output?

No. Tailwind’s JIT engine produces CSS that minifies cleanly with csso. Run PurgeCSS first (Tailwind does this automatically in production), then minify. Expected pipeline: Tailwind → PostCSS → cssnano/csso → gzip. Tailwind v4 includes Lightning CSS for both transformation and minification.

Does the minifier support CSS variables and the new colour spaces?

Yes. csso preserves CSS custom properties, var() references with fallbacks, OKLCH, OKLab, color-mix(), and relative-colour syntax exactly. It won’t try to shorten values it doesn’t fully understand — safer than aggressive optimisation.

Can I minify SCSS or Less directly?

No — minify only after compilation. SCSS and Less must compile to plain CSS first (via Sass, Dart Sass, or Less), then run through the minifier. Some build tools chain these automatically; for one-off files, paste the compiled output here.

Is my CSS uploaded?

No. csso runs in your browser via WebAssembly. Stylesheets are never uploaded — useful for proprietary or pre-release styles.

What’s the difference between minify and prettify?

Opposite jobs. Minify removes whitespace to shrink size for production. Prettify (CSS Formatter) adds whitespace and indentation for readability. Use a formatter when you’re editing; use a minifier as the final step before deploy.

Related tools and guides

May 4, 2026