UD5 Toolkit
JavaScript Keycode Finder - Online Keyboard Event Tool
Press any key to see the corresponding JavaScript event key, code, and keyCode. An essential debugging tool for front-end developers handling keyboard input.
X‑Frame‑Options Tester - Online Clickjacking Defense
X‑Frame‑Options Tester
Instantly check if a website is protected against clickjacking attacks.
Enter a full URL (http:// or https://) of the page you want to test.
Frequently Asked Questions
X‑Frame‑Options is an HTTP response header used to indicate whether a browser should be allowed to render a page in a
Values: DENY, SAMEORIGIN, ALLOW-FROM uri
<frame>, <iframe>, <embed>, or <object>. It helps prevent clickjacking attacks by ensuring that your site is not embedded in malicious frames.
Values: DENY, SAMEORIGIN, ALLOW-FROM uri
Clickjacking tricks users into clicking on something different from what they perceive. Attackers overlay transparent or disguised iframes over legitimate buttons, potentially hijacking clicks to perform unintended actions (like changing settings, approving transactions, or sharing private data).
Both provide clickjacking protection, but Content Security Policy (CSP)
frame-ancestors is more flexible and modern. It allows you to specify multiple allowed sources (or 'none'), while X‑Frame‑Options only supports one URI or SAMEORIGIN. Most modern browsers honor CSP; however, it’s recommended to use both headers for maximum compatibility.
All modern browsers (Chrome, Firefox, Safari, Edge) have supported X‑Frame‑Options for many years. Legacy IE also supports it. It remains a widely adopted security header, but for robust defense, combine it with CSP
frame-ancestors.
Add the following HTTP response headers on your web server or application:
For same-origin only:
Consult your server documentation (Apache, Nginx, IIS) or framework middleware for implementation.
X‑Frame‑Options: DENY (most strict) Content-Security-Policy: frame-ancestors 'none'; For same-origin only:
X-Frame‑Options: SAMEORIGIN and frame‑ancestors 'self'.
Consult your server documentation (Apache, Nginx, IIS) or framework middleware for implementation.
Browser security (CORS) blocks front‑end requests to arbitrary websites. This tool works best with a backend proxy (API endpoint on your server). If the test fails, use a browser developer tool (Network tab) to inspect the response headers manually, or deploy our open‑source proxy script.
Free online X‑Frame‑Options header tester. Check clickjacking protection, CSP frame-ancestors, and improve your web security posture. Supports all modern browsers.
Mac Keyboard Shortcut Visualizer – Online Modifier Key Cheatsheet
Press a combination of modifier keys and see which common macOS shortcuts use them. Learn by experimentation.
iCal Event to HTML Snippet - Online Add to Calendar Links
Fill in event details and generate 'Add to Calendar' links for Google, Outlook, and Yahoo, plus a downloadable .ics file.
Nuxt Page Boilerplate - Online Vue.js Setup
Generate a Nuxt 3 page component with script setup, metadata, and styles. For Vue.js developers. Copy the .vue file.
Audio/Video Sync Tester - Online Lip Sync Check
Load a video and visually check if audio aligns with lips. Use frame‑by‑frame stepping. Debug playback issues.
PWA Install Prompt Tester - Online Simulate Install
Check if your page triggers the beforeinstallprompt event. Simulate the install flow. Debug PWA installability.
Accept‑Language Header Visualizer - Online Locale Match
Paste your Accept‑Language header and see which languages your site should serve based on quality values. Internationalization helper.
WebTransport Echo Client - Online QUIC Test
Connect to a WebTransport server and exchange data over QUIC. See latency and throughput. Perfect for exploring low‑latency real‑time APIs.
prefers‑reduced‑motion Tester - Online A11y Check
Simulate reduced motion preference and test your animations. Copy the media query snippet. Keep your users safe.
HSTS Header Checker - Online Strict‑Transport‑Security
Fetch a site’s HSTS header and validate its syntax, max‑age, and subdomain flags. Ensure your site enforce HTTPS.
CSP Analyzer - Online Test & Improve Policy
Paste a Content‑Security‑Policy header and get a human‑readable breakdown. See potential risks and suggestions.
Push Notification Tester - Online Generate & Receive
Register a service worker, subscribe to push, and send a test notification using a VAPID key pair. Step‑by‑step demo.
Geolocation API Simulator - Online Test Coordinates
Override your browser's geolocation to any coordinates and test how your app responds. For development and privacy testing.
Fullscreen API Tester - Online Request & Exit Demo
Test the Fullscreen API: request fullscreen on a colored div, detect changes, and copy the JavaScript boilerplate.
Web Share API Tester - Online Demo & Code
Test the Web Share API by sharing text, links, and files directly from the browser. Check compatibility and see example code.
Browser Color Gamut Test - Online P3 or sRGB?
Check if your browser and display support the wider DCI‑P3 color space. See the difference with a simple test pattern.
Palindrome Tester - Online Phrase Checker
Enter any phrase and instantly see if it's a palindrome, ignoring spaces and punctuation. Fun for word nerds.
Fake ID Number Generator - Online Test SSN/SIN Lookalike
Generate random, formatted ID numbers that match pattern rules for various countries. For testing input validation. No real data.
HTTP Request Composer - Online Build & Send Requests
Pick a method, URL, headers, and body, then send an HTTP request directly from your browser. Debug APIs easily.
Media Device Tester - Online Check Camera, Mic & Speaker
Quickly test if your webcam, microphone, and speakers work correctly. See live video and audio meter. No data sent.
Fuzzy Data Generator - Online Create Random Records
Generate random but realistic‑looking data arrays (users, products, orders) with typos and missing fields. For test robustness.
Eye Dominance Test - Online Find Your Dominant Eye
Simple interactive eye dominance test: hold up a virtual dot and see which eye stays aligned. Educational.
Clinical Color Blindness Tester - Online Ishihara Plate Style
View a series of digital Ishihara‑style plates. Not a diagnostic tool, just educational. Read numbers.
Iframe Sandbox Configurator - Online Test Permissions
Build an iframe with different sandbox flags and see live which features are blocked. For secure embedding.
Random User Activity Simulator - Online Test Idle Logic
Simulate random mouse moves, clicks, or keystrokes to test idle‑timeout logic. Stops when you move the mouse. Dev test.
Test Credit Card Validator - Online Luhn Check & Issuer
Paste a test card number to verify Luhn algorithm, identify issuer (Visa, MC), and check length. No real data.
String to Escaped HTML - Online Protect Against XSS
Instantly convert plain text into HTML‑safe escaped characters for secure display in web pages. Prevent cross‑site scripting. All processing local.
Speaker Test Tones - Online Left/Right Channel & Sweep
Play left‑only, right‑only, and frequency sweeps to test your speakers or headphones. Quick audio check.
Microphone Sensitivity Tester - Online Input Level Meter
See a live VU meter of your microphone's input level. Test if your mic is working and adjust gain. Privacy‑friendly.
Random MAC Address Generator - Online Hardware Test IDs
Generate valid, random unicast MAC addresses for testing or spoofing. Select OUI prefix if desired. Local only.