By Max Techera · Open-source (MIT) · Updated June 2026
Blog

How to password-protect an HTML page (without a server)

You can encrypt a static HTML page in the browser with AES-256 — no backend, no login system. Here's the simplest way, and how to host it on your own domain.

★ Get drop on GitHub Try it — no install
npxnpx drops-cli report.html --managed

Server-side auth is overkill for sharing one page. StatiCrypt encrypts the page's HTML with AES-256 in your browser; the visitor enters a password to decrypt it client-side. No server logic needed.

The one-command way

drop report.html -p hunter2

drop runs StatiCrypt with a branded unlock gate, uploads the ciphertext, and serves it from your domain. The password never touches a server.

Do it yourself with StatiCrypt

npx staticrypt report.html -p hunter2

Then host the output anywhere static. drop just automates this plus branding, hosting, and your domain.

FAQ

Is client-side encryption actually secure?
AES-256 via WebCrypto is strong, but the ciphertext is downloadable — so use a long password. It's excellent against casual access, not a vault.
Is it zero-knowledge?
Locked drops are AES-256 encrypted in the browser via StatiCrypt before upload. The server stores only ciphertext — never your content or password.

Share what your AI builds — on your own domain.

Open-source, zero-knowledge, free. Try it in one command:

npx drops-cli report.html --managed
★ Get drop on GitHub drops.maxtechera.dev →