Security

Content Security Policy (CSP)

We use strict Content Security Policy headers to reduce cross-site scripting risk and limit resource loading to trusted sources.

Security Headers

We use HTTP security headers including X-Content-Type-Options and X-Frame-Options to reduce MIME sniffing and clickjacking risks.

Permissions Policy

Unnecessary browser features such as camera, microphone, geolocation, payment APIs, USB, and sensors are disabled by default.

Client-side processing

For normal use, tool input is processed locally in your browser. Your tool content is not sent to our servers.

Third-party scripts and ads

Some pages load third-party resources. Those providers may receive standard web request metadata (such as IP address or browser type), but not your tool input.

Tool-specific security notes

Each tool page can include additional security guidance where needed. Check the page footer for tool-level policy links.