Production tokens
Do not paste live JWTs, API keys, session cookies, reset links, private keys, or customer credentials into any online page.
Security and safe use
Use browser tools with clear security boundaries.
FreeToolsBox focuses on local-first developer utilities, but safe use still matters. This page explains what should stay out of online tools, how to report concerns, and where visual inspection stops being enough.
Browser-local tools
Core transformations are designed to run in the browser, but browsers, extensions, clipboards, screenshots, analytics, ads, and networks still create surrounding exposure risk.
Cryptography
Hash, password, JWT, and encoding tools help with inspection and learning. They do not replace maintained security libraries, server-side verification, or a security review.
Responsible reports
Send security or privacy concerns to admin@freetoolsbox.cn. Please avoid including real secrets; use sanitized examples whenever possible.
Safe workflow
Keep real secrets out of examples.
A tool can be browser-local and still be unsafe for raw production data. Treat debugging snippets as shareable only after they have been sanitized.
- Use synthetic or anonymized examples when learning a tool.
- Remove tokens, emails, customer identifiers, private URLs, and regulated records before pasting snippets.
- Verify security decisions in your own backend, CI pipeline, or maintained library rather than trusting a visual inspection page.
- Clear copied output and visible inputs on shared devices.