UD5 Toolkit
AES Text Encrypt/Decrypt - Online Secure Message Tool
Encrypt and decrypt text using AES in the browser with a password. Uses Web Crypto API. No data sent to server.
X‑Frame‑Options Tester - Online Clickjacking Defense
X‑Frame‑Options Tester
Instantly check if a website is protected against clickjacking attacks.
Enter a full URL (http:// or https://) of the page you want to test.
Frequently Asked Questions
X‑Frame‑Options is an HTTP response header used to indicate whether a browser should be allowed to render a page in a
Values: DENY, SAMEORIGIN, ALLOW-FROM uri
<frame>, <iframe>, <embed>, or <object>. It helps prevent clickjacking attacks by ensuring that your site is not embedded in malicious frames.
Values: DENY, SAMEORIGIN, ALLOW-FROM uri
Clickjacking tricks users into clicking on something different from what they perceive. Attackers overlay transparent or disguised iframes over legitimate buttons, potentially hijacking clicks to perform unintended actions (like changing settings, approving transactions, or sharing private data).
Both provide clickjacking protection, but Content Security Policy (CSP)
frame-ancestors is more flexible and modern. It allows you to specify multiple allowed sources (or 'none'), while X‑Frame‑Options only supports one URI or SAMEORIGIN. Most modern browsers honor CSP; however, it’s recommended to use both headers for maximum compatibility.
All modern browsers (Chrome, Firefox, Safari, Edge) have supported X‑Frame‑Options for many years. Legacy IE also supports it. It remains a widely adopted security header, but for robust defense, combine it with CSP
frame-ancestors.
Add the following HTTP response headers on your web server or application:
For same-origin only:
Consult your server documentation (Apache, Nginx, IIS) or framework middleware for implementation.
X‑Frame‑Options: DENY (most strict) Content-Security-Policy: frame-ancestors 'none'; For same-origin only:
X-Frame‑Options: SAMEORIGIN and frame‑ancestors 'self'.
Consult your server documentation (Apache, Nginx, IIS) or framework middleware for implementation.
Browser security (CORS) blocks front‑end requests to arbitrary websites. This tool works best with a backend proxy (API endpoint on your server). If the test fails, use a browser developer tool (Network tab) to inspect the response headers manually, or deploy our open‑source proxy script.
Free online X‑Frame‑Options header tester. Check clickjacking protection, CSP frame-ancestors, and improve your web security posture. Supports all modern browsers.
Keyboard Event Debugger - Online See keydown Key Data
Press any key and see the full KeyboardEvent object: key, code, keyCode, modifier status. Dev tool.
JavaScript Keycode Finder - Online Keyboard Event Tool
Press any key to see the corresponding JavaScript event key, code, and keyCode. An essential debugging tool for front-end developers handling keyboard input.
iCal Event to HTML Snippet - Online Add to Calendar Links
Fill in event details and generate 'Add to Calendar' links for Google, Outlook, and Yahoo, plus a downloadable .ics file.
Mac Keyboard Shortcut Visualizer – Online Modifier Key Cheatsheet
Press a combination of modifier keys and see which common macOS shortcuts use them. Learn by experimentation.
HTML Attribute Remover - Online Clean Up Markup
Strip specific or all attributes from HTML tags. Clean up messy code. Keep the structure. Purely local.
.htpasswd Generator – Online Apache Password Encrypter
Enter a username and password to generate an .htpasswd entry using bcrypt. Runs entirely in browser.
Jerky Marinade Ratio Calculator – Online Soy, Worcestershire, Cure
Scale a jerky marinade recipe based on meat weight. Includes optional cure #1 calculation for safety.
Old English / Anglo‑Saxon Word Lookup – Online Basic Translator
Type a modern English word and get a possible Old English equivalent. Works offline with a limited but curated wordlist. Learn history.
Playwright Test Skeleton - Online Script Boilerplate
Create a basic Playwright script with browser launch, page navigation, and screenshot. Start E2E testing instantly.
Periodic Background Sync Tester - Online Register & Test
Register a periodic background sync and see the status. Schedule content updates for your PWA. API demo.
Geolocation Override Tester - Online Simulate Any Location
Override your browser's geolocation to any coordinates and test how your app responds. For development and privacy testing.
Audio/Video Sync Tester - Online Lip Sync Check
Load a video and visually check if audio aligns with lips. Use frame‑by‑frame stepping. Debug playback issues.
PWA Install Prompt Tester - Online Simulate Install
Check if your page triggers the beforeinstallprompt event. Simulate the install flow. Debug PWA installability.
Accept‑Language Header Visualizer - Online Locale Match
Paste your Accept‑Language header and see which languages your site should serve based on quality values. Internationalization helper.
Push Notification Tester - Online Generate & Receive
Register a service worker, subscribe to push, and send a test notification using a VAPID key pair. Step‑by‑step demo.
Geolocation API Simulator - Online Test Coordinates
Override your browser's geolocation to any coordinates and test how your app responds. For development and privacy testing.
Screen Orientation API Tester - Online Lock & Check
Check current screen orientation and test the lock API. Useful for mobile web apps. Demo with code.
Fullscreen API Tester - Online Request & Exit Demo
Test the Fullscreen API: request fullscreen on a colored div, detect changes, and copy the JavaScript boilerplate.
Web Share API Tester - Online Demo & Code
Test the Web Share API by sharing text, links, and files directly from the browser. Check compatibility and see example code.
Browser Color Gamut Test - Online P3 or sRGB?
Check if your browser and display support the wider DCI‑P3 color space. See the difference with a simple test pattern.
Palindrome Tester - Online Phrase Checker
Enter any phrase and instantly see if it's a palindrome, ignoring spaces and punctuation. Fun for word nerds.
Fake ID Number Generator - Online Test SSN/SIN Lookalike
Generate random, formatted ID numbers that match pattern rules for various countries. For testing input validation. No real data.
HTTP Request Composer - Online Build & Send Requests
Pick a method, URL, headers, and body, then send an HTTP request directly from your browser. Debug APIs easily.
Media Device Tester - Online Check Camera, Mic & Speaker
Quickly test if your webcam, microphone, and speakers work correctly. See live video and audio meter. No data sent.
Fuzzy Data Generator - Online Create Random Records
Generate random but realistic‑looking data arrays (users, products, orders) with typos and missing fields. For test robustness.
Eye Dominance Test - Online Find Your Dominant Eye
Simple interactive eye dominance test: hold up a virtual dot and see which eye stays aligned. Educational.
Clinical Color Blindness Tester - Online Ishihara Plate Style
View a series of digital Ishihara‑style plates. Not a diagnostic tool, just educational. Read numbers.
Iframe Sandbox Configurator - Online Test Permissions
Build an iframe with different sandbox flags and see live which features are blocked. For secure embedding.
Random User Activity Simulator - Online Test Idle Logic
Simulate random mouse moves, clicks, or keystrokes to test idle‑timeout logic. Stops when you move the mouse. Dev test.