Security Tools for Developers
Generate security headers, decode certificates, and create SSH keys — all client-side. Your sensitive data never leaves your browser.
HMAC Generator
Generate HMAC-SHA256, HMAC-SHA384, HMAC-SHA512, and HMAC-SHA1 keyed-hash signatures.
Content Security Policy Generator
Generate Content Security Policy headers with an interactive builder. Configure all CSP directives with presets and custom domains.
SSH Key Generator
Generate RSA and ECDSA SSH key pairs entirely in your browser. Private keys never leave your device.
SSL Certificate Decoder
Decode PEM-encoded SSL/TLS certificates and view subject, issuer, validity dates, SANs, and key information.
CORS Header Builder & Generator
Generate CORS headers interactively. Output as HTTP headers, Nginx config, Express middleware, or Apache .htaccess.
Available Security Tools
- CSP Generator — build Content Security Policy headers with an interactive builder and presets
- SSH Key Generator — generate RSA and ECDSA key pairs directly in your browser
- SSL Certificate Decoder — decode PEM certificates and inspect subject, issuer, validity, and SANs
Why Client-Side Security Tools?
Security-sensitive operations like key generation and certificate inspection should never require sending data to a third-party server. All CodeTidy security tools use browser-native APIs like Web Crypto and run entirely client-side, ensuring your private keys and certificates stay on your machine.
When to Use Each Security Tool
- Content Security Policy Generator — when hardening a web app against cross-site scripting (XSS) and injection. CSP tells the browser which sources of scripts, styles, images, and frames to trust; this builder helps you assemble a policy from presets and directives without memorising the syntax.
- SSL Certificate Decoder — when debugging TLS. Paste a PEM certificate to read its subject, issuer, validity dates, and Subject Alternative Names — useful for confirming a cert covers the right domains or finding out exactly when it expires.
- SSH Key Generator — when you need an RSA or ECDSA key pair for Git hosting or server access and don't have a terminal handy. Keys are generated locally with the Web Crypto API.
- HMAC Generator — when signing or verifying webhook payloads and API requests. HMAC combines a secret key with your message to produce a tamper-evident signature (HMAC-SHA256 and others).
- CORS Header Builder — when a browser blocks a cross-origin request. Build the correct Access-Control-Allow-* headers for your API and understand exactly what each one permits.
Because these operations involve secrets — private keys, signing keys, certificates — it matters that they run only on your machine. Every tool here is client-side and uses browser-native cryptography, so nothing sensitive is ever transmitted.
Frequently Asked Questions
- What are online security tools for developers?
- Online security tools help developers implement and audit security configurations like Content Security Policy headers, SSL certificates, and SSH keys — directly in the browser without installing software.
- Is it safe to use online security tools?
- All tools on CodeTidy run entirely in your browser. No data is transmitted to any server. Private keys, certificates, and security configurations never leave your device.
- Why should developers care about CSP, SSL, and SSH?
- Content Security Policy prevents XSS attacks, SSL/TLS certificates encrypt data in transit, and SSH keys enable secure authentication to servers and repositories. These are fundamental security building blocks for any web application.