Password protect HTML

Password-protect an HTML page without a server

Most "password protect HTML" tutorials rely on JavaScript — which any viewer can bypass in browser DevTools. ArtifactShare performs server-side verification: the HTML is never sent to a browser until the correct password is entered.

Why server-side matters

Content never touches the browser unauthenticated. The HTML file stays in Cloudflare R2. The Worker returns it only after a verified password check — a wrong guess gets nothing back.

PBKDF2 password hashing. Passwords are stored as PBKDF2-HMAC-SHA256 hashes (210,000 iterations). Even a database leak reveals nothing useful.

Brute-force throttling built in. Failed attempts are rate-limited per IP — up to 8 tries per 10 minutes — so automated guessing is blocked at the edge.

Optional email + password gate. Require viewers to enter a specific email address alongside the password. Useful when you want to restrict access to a known individual.

How to password-protect your HTML in 3 steps

Sign up for a free account

Create an account at app.artifactshare.xyz. No credit card. You can upload and password-protect up to 10 HTML pages immediately.

Upload and set a password

Paste your HTML or upload the file. Toggle password protection, enter your chosen password, and optionally set an expiry date or max-view limit.

Share the protected link

Copy your permanent link. When a viewer opens it, they see a clean password gate. Enter the correct password and the page loads — nothing more, nothing less.

Protect your first page free Read the security details