What is Base64 used for?

Base64 encodes binary data as text. Common uses: data URIs (embedding images inline in HTML/CSS), JWT headers and payloads, HTTP Basic Auth headers, email MIME attachments, and API credentials in Authorization headers. It is an encoding scheme, not encryption — the encoded data is trivially reversible.

What is the difference between Base64 and Base64Url?

Standard Base64 uses + and / as the 62nd and 63rd characters and pads with =. Base64Url replaces + with - and / with _ (URL-safe characters) and omits padding. JWTs use Base64Url for their header and payload segments.

Why does btoa() fail with Unicode characters?

btoa() only handles Latin-1 (ISO-8859-1) characters — values 0–255. Unicode characters above U+00FF throw an error. The workaround: `btoa(encodeURIComponent(str))` for encoding and `decodeURIComponent(atob(encoded))` for decoding.

Is Base64 safe for transmitting sensitive data?

No. Base64 is trivially reversible by anyone who sees the encoded string. It provides no confidentiality. For sensitive data, use encryption (AES, RSA) not encoding. Base64 is used in HTTP Auth headers because those headers are protected by HTTPS transport security — the Base64 itself adds nothing.

guide

How to Encode and Decode Base64 Without Uploading

Last updated: 11 June 2026

You can encode and decode Base64 entirely in your browser using brevio Base64 — JavaScript's built-in btoa()/atob() functions handle the conversion locally. No data reaches any server.

Base64 encoding is a common operation for developers working with APIs, JWTs, image data URIs, and binary-to-text encoding. Encoding sensitive strings (API keys, credentials, configuration values) through a server-side tool is unnecessary — the encoding algorithm is standard and runs natively in every browser.

How to Encode or Decode Base64 Without Uploading

Open brevio Base64. No account required.
Choose encode or decode. Encode converts plain text or binary to a Base64 string. Decode converts a Base64 string back to its original form.
Paste your input. Text, JSON, credentials, or any string. Processing begins immediately — no submit button needed. Nothing is sent over the network.
Copy the output. The encoded or decoded result is ready to use.

How to Verify No Data Is Transmitted

Open DevTools (F12 or ⌘⌥I) → Network tab. Paste your input and confirm: zero network requests fire in response to your typing. Only initial static asset loads (JS, CSS) appear on page load. If any request triggers when you paste data, the tool is not client-side.

What Base64 Is (and Is Not)

Base64 is an encoding scheme, not encryption. It converts binary data to a text representation using 64 ASCII characters (A–Z, a–z, 0–9, +, /). The output is approximately 33% larger than the input. Base64 is completely reversible and provides no confidentiality — anyone with the Base64 string can decode it instantly. Common uses:

Data URIs: Embedding images inline in HTML/CSS (data:image/png;base64,...)
JWTs: The header and payload of a JSON Web Token are Base64Url-encoded (a URL-safe variant using - and _ instead of + and /)
Basic Auth headers: HTTP Basic Authentication encodes username:password in Base64 — this is not secure by itself, only safe over HTTPS
Email attachments (MIME): Binary attachments are Base64-encoded for transmission through text-only email systems
API credentials: Some APIs encode API keys as Base64 for inclusion in Authorization headers

Base64 vs Base64Url vs Base64 with Padding

Variant	Characters Used	Padding	Common Use
Standard Base64	A–Z, a–z, 0–9, +, /	= padding	Email, data URIs, general encoding
Base64Url	A–Z, a–z, 0–9, -, _	No padding (or optional)	JWTs, URL parameters, file names
Base64 MIME	Standard + line breaks every 76 chars	= padding	Email MIME encoding

JavaScript Built-In Functions

You can do this in any browser DevTools console without any tool:

// Encode btoa("hello world")           // → "aGVsbG8gd29ybGQ=" // Decode atob("aGVsbG8gd29ybGQ=")     // → "hello world" // For Unicode strings (btoa fails on non-ASCII) btoa(encodeURIComponent("héllo"))   // encode decodeURIComponent(atob("aGklQzMlQTlsbG8="))  // decode

Base64 Tool Comparison

Tool	Upload?	Variants Supported	Free?	Works Offline?
brevio Base64	No — in-browser	Standard, URL-safe	Yes	Yes (once loaded)
CyberChef	No — in-browser (open source)	All variants + file encoding	Yes	Yes (self-hostable)
base64encode.org	Yes — server-side	Standard	Yes	No
base64decode.org	Yes — server-side	Standard	Yes	No

Frequently Asked Questions

What is Base64 used for?: Base64 encodes binary data as text. Common uses: data URIs (embedding images inline in HTML/CSS), JWT headers and payloads, HTTP Basic Auth headers, email MIME attachments, and API credentials in Authorization headers. It is an encoding scheme, not encryption — the encoded data is trivially reversible.
What is the difference between Base64 and Base64Url?: Standard Base64 uses + and / as the 62nd and 63rd characters and pads with =. Base64Url replaces + with - and / with _ (URL-safe characters) and omits padding. JWTs use Base64Url for their header and payload segments.
Why does btoa() fail with Unicode characters?: btoa() only handles Latin-1 (ISO-8859-1) characters — values 0–255. Unicode characters above U+00FF throw an error. The workaround: `btoa(encodeURIComponent(str))` for encoding and `decodeURIComponent(atob(encoded))` for decoding.
Is Base64 safe for transmitting sensitive data?: No. Base64 is trivially reversible by anyone who sees the encoded string. It provides no confidentiality. For sensitive data, use encryption (AES, RSA) not encoding. Base64 is used in HTTP Auth headers because those headers are protected by HTTPS transport security — the Base64 itself adds nothing.