HCODX/Base64 Encoder & Decoder
100% browser-based · Image · Audio · Video · PDF · Text · Hex · Basic Auth

Base64 Encoder & Decoder — all formats, auto-detect

One tool for every Base64 conversion. Encode a file, text, hex, HTML, CSS or remote URL — or paste Base64 / a data: URI and let the page auto-detect whether it's an image, audio, video, PDF, text, hex or HTTP Basic Auth credentials.

Drop a file
Base64 output
Encode options
Input size
0 B
Output size
0 B
Detected type
Status
Ready
Coverage

One tool, every Base64 conversion

Built around content-type detection rather than separate URLs — the same input box handles images, audio, video, PDFs, text, hex, and HTTP Basic Auth.

Decoders

  • Base64 to ASCII
  • Base64 to Audio (MP3 / WAV / OGG)
  • Basic Auth Decode (user:password)
  • Base64 to File (any binary)
  • Base64 to Hex
  • Base64 to Image (PNG / JPG / GIF / SVG / WebP)
  • Base64 to PDF
  • Base64 to Text (UTF-8)
  • Base64 to Video (MP4 / WebM / MOV)

Encoders

  • Audio to Base64
  • CSS to Base64
  • File to Base64
  • Hex to Base64
  • HTML to Base64
  • Image to Base64
  • PDF to Base64
  • Text to Base64
  • URL to Base64
  • Video to Base64
How it works

Auto-detection at a glance

1

Read the data: URI header

If the input starts with data:<mime>;base64, the MIME type is taken straight from the URI — no guessing needed.

2

Magic-byte sniff

For raw Base64, the first 12 decoded bytes are checked against signatures for PNG, JPEG, GIF, BMP, WebP, AVIF, ICO, TIFF, PDF (%PDF-), MP3 (ID3 / sync), WAV (RIFF…WAVE), OGG, FLAC, MP4 / MOV (ftyp box), WebM / Matroska, ZIP, GZIP and SQLite.

3

Text fallback

If nothing matches, the bytes are interpreted as UTF-8. SVG and XML are detected from the opening tag. Pure-ASCII text matching user:password is flagged as HTTP Basic Auth and the two halves are split.

4

Render the right viewer

Images go to an <img>, audio to <audio>, video to <video>, PDFs to an inline viewer, text to a monospace pane, and unknown blobs to a download button with the detected extension.

FAQ

Frequently asked questions

On decode, the tool first reads the MIME type from the data: URI header if present. Otherwise it inspects the first decoded bytes against magic numbers for PNG, JPEG, GIF, WebP, BMP, PDF, MP3, WAV, OGG, MP4, WebM, MOV. If nothing matches, it falls back to UTF-8 text and recognises Basic Auth (user:pass) and pure-hex strings.

Drag in any file (image, audio, video, PDF, font, archive) or type/paste text, HTML, CSS, hex, or a URL to fetch. The output is the raw Base64 plus a full data: URI when the type is known.

No. Encoding and decoding both run entirely in your browser via FileReader, atob and btoa. Your data never leaves the page.

HTTP Basic Authentication sends credentials as Base64("username:password"). When the decoded text fits that exact shape and contains no binary bytes, the tool highlights it and splits the username and password for you.

On decode, the default "Strip whitespace & URL-safe" option normalises -_ back to +/ and re-adds any missing = padding before calling atob(). On encode, pick the URL-safe alphabet from the Alphabet menu.

The browser enforces CORS — the remote server must explicitly allow cross-origin requests. If the fetch fails, download the file with your browser and use the File tab instead.

About

About Base64 encoding

Base64 is the standard way to express arbitrary bytes as printable ASCII characters, defined in RFC 4648. Every three bytes of input become four characters of output drawn from a 64-character alphabet, with = padding when the input length isn't a multiple of three. That ~33% overhead is the cost of being safe in environments that mangle binary — email bodies, JSON strings, URL parameters, HTTP headers, and JWT payloads.

Standard vs URL-safe

The standard alphabet uses A-Z a-z 0-9 + /. The URL-safe variant (RFC 4648 §5) swaps + for - and / for _ so the result is safe to drop into a URL path or filename without further percent-encoding. JWTs and most modern web tokens use the URL-safe alphabet with the padding stripped.

data: URIs

A data: URI (RFC 2397) bundles the bytes inside the URL itself: data:<mime>;base64,<payload>. Browsers, email clients, and most rendering pipelines treat it like a normal https:// reference. It's the right answer for small icons, single-file demos, CSP-strict pages, and any environment that can't make a second HTTP request.

HTTP Basic Auth

The HTTP Authorization header sends Basic credentials as Authorization: Basic <Base64(user:password)>. The Base64 wrapper is encoding, not encryption — decoding is trivial, which is why Basic Auth is only acceptable over HTTPS.

Performance

For very large files, encoding in the browser uses FileReader.readAsDataURL which streams chunks to the C++ implementation behind the scenes. Decoding uses atob() for the payload and wraps the bytes in a Blob — no extra copy is needed to render images, audio, video or PDFs.

Related

Related tools

AI Image Generator
Free, unlimited Flux / GPT Image / Kontext / Seedream — no signup, no key, no watermark.
Video to MP3
Extract audio from MP4 / WebM / MOV / MKV — MP3, WAV, OGG, M4A, FLAC, optional trim. Browser-side.
Image to Base64
Dedicated image-only encoder with CSS / HTML snippets.
Base64 to Image
Dedicated image-only decoder with preview & re-encode.
Base64 Encode
Plain-text-only encoder, no file upload.
Base64 Decode
Plain-text-only decoder.
Text to Hex
Convert text to hexadecimal bytes.
Hex to Text
Reverse — hex bytes back to text.
URL Encode
Percent-encoding for URLs and form values.
JWT Decoder
Decode JSON Web Tokens (URL-safe Base64).