Private by design

php.onl is built so that your code never leaves your device. This is not a policy promise to trust — it is how the tool physically works. The PHP interpreter runs in your browser through WebAssembly, so there is no server to send your code to in the first place.

What runs where

How sharing works without a server

When you create a share link, php.onl compresses your code (and the selected versions, STDIN, and arguments) and encodes it into the URL itself — into the part after the #, which browsers never even send to a server. Whoever opens the link reconstructs the snippet locally from the link. Nothing is stored on our side because there is no "our side" for code to live on.

Why this matters

Because nothing is uploaded, php.onl is safe for the things you would hesitate to paste into a typical online runner:

Works offline, which proves the point

After the first load, the runtime is cached and php.onl keeps working with no network at all. A tool that runs fully offline cannot be quietly sending your code somewhere — there is nowhere for it to go.

The honest caveats

php.onl loads its own code and the PHP runtime over the network on first visit, and is served as a static site. Like any web page, your browser makes those initial asset requests. After that, your PHP code and its execution stay entirely on your device. We do not run a server that sees, stores, or processes the code you write.

Curious how it is built? See the about page, or just open the playground and run something sensitive with confidence.