By Steve Smith · Founder, Stacktree · Last updated June 10, 2026

Private HTML hosting: the 2026 reference.

Q: Is end-to-end encryption available?

Yes. With e2e: true on upload, the browser encrypts with AES-GCM before sending. The decryption key lives in the URL fragment (which the server never sees), so Stacktree only stores ciphertext.

A private HTML host serves a static page from an unguessable URL by default. Stacktree extends the category with password and email-domain gates, end-to-end encryption, replace-in-place URLs for agent loops, and an MCP tool call that lets AI agents publish directly.

Get started free

What is private HTML hosting in 2026?

Private HTML hosting is a category of static-site hosts where the URL is not publicly discoverable by default. The simplest form is an unguessable URL, where the link itself is the credential. Stronger forms layer a shared password, an email-domain gate, IP allow-lists, or end-to-end encryption. The category has become central in 2026 because AI agents emit a lot of one-off HTML containing real data, and public-by-default hosting is no longer a safe baseline for that output.

Why this category exploded in 2026

55% of Google searches now return an AI Overview, raising the bar for citation-worthy answers. Source: ALM Corp AEO playbook 2026 ↗
883M monthly ChatGPT users in 2026, so answer-engine traffic is a primary discovery channel. Source: ALM Corp 2026 report ↗
82% Perplexity citation rate for content published within the last 30 days. Source: AuthorityTech 2026 study ↗
67% AI-response citation rate for pages with FAQPage schema on relevant queries. Source: SARVAYA schema research ↗

The four layers of "private"

Unguessable URL. The link contains enough entropy that nobody finds it by guessing. Sufficient for low-sensitivity sharing where the link can be passed in Slack or email.
Shared password. A second factor on top of the unguessable URL. Useful when the link might be forwarded.
Email-domain gate. Viewers prove they own an email at @yourco.com via a magic link before the page renders. Stronger because the gate survives forwarding.
End-to-end encryption. The content is encrypted in the browser; the server only sees ciphertext. The key lives in the URL fragment, which never leaves the client. Anyone with the URL can decrypt; nobody without it can.

Why agent output is the catalyst

"Reading text is now running code." Agent-emitted HTML often embeds API responses, prompt context, customer rows, internal IDs. The category of work doesn't fit a public-by-default model. It fits the same shape as a Notion page or a Linear ticket, but as renderable HTML the agent generates on demand.

The common case: sharing an artifact an agent produced

The query that brings most people here is concrete. An agent (Claude Code, Cursor, Codex, Claude.ai) just produced something you want to send to one person: a research report, a status dashboard, a code-review summary, a generated landing page, a one-off internal tool. You do not want it on a public URL that anyone can find, and you do not want to add the recipient to a company workspace or pay for an extra seat just so they can open a file.

Private HTML hosting solves exactly that gap. The agent publishes the HTML to an unguessable URL, and you send the link. The recipient opens it with no account. If the contents are more sensitive, you add a shared password or an email-domain gate so only people at @theirco.com can render the page. The artifact lives on a private link instead of a public site or a walled team tool.

What to look for in a private HTML host

Unguessable URL on the free tier. If "private" is a paid bolt-on, the default contract is wrong.
Programmable. An API or MCP server so agents can publish without driving a browser.
Replace-in-place. Agents iterate; the URL has to survive revisions.
Custom domain. So the link feels like part of your stack, not an external service.
CSP defaults. Agent-generated HTML is executable; the host should ship a sensible Content-Security-Policy out of the box.
Opt-out of AI training. X-Robots-Tag: noai, noimageai on every response.

Where Stacktree sits in the category

Stacktree is the MCP-native option. Other private-hosting services exist (Tiiny Host on paid plans, GitHub Pages with Enterprise Cloud, display.dev with workspace SSO), but they're shaped for human upload flows or org-wide team deploys. Stacktree is shaped for the agent loop: one tool call to publish, one to replace, three layers of gating, and a free tier that doesn't require an account for the first publish.

How to host private HTML: the options compared

Criterion	Codex Sites / Artifacts / Pages / public hosts	Stacktree
Private by default	GitHub Pages and Netlify/Vercel serve a public URL by default. Codex Sites and Claude Artifacts are private, but only inside one org.	Yes, the unguessable URL is private by default, no org needed.
View with no account or seat	Codex Sites needs an OpenAI workspace seat; Claude Artifacts publishing needs a Claude org seat.	Yes, the link is the credential, the viewer needs no account.
Share with anyone via a link	Public hosts share with anyone, but the page is fully public and indexable. Walled options block external viewers entirely.	Yes, anyone with the unguessable link, and it stays out of search.
Shared password gate	Not offered by GitHub Pages or generic public hosts.	Yes, an optional shared password per link.
Email-domain gate	GitHub Pages only on Enterprise. Codex Sites and Artifacts only gate to their own org.	Yes, a magic-link email-domain gate on any link.
Your own custom domain	Public hosts support it. Codex Sites and Artifacts do not document one.	Yes, on Pro via Cloudflare for SaaS.
Publish from any AI agent	Codex Sites is Codex-only; Artifacts is Claude-only; public hosts need a Git push or CLI.	Yes, MCP-native from Claude Code, Cursor, Codex, and Claude.ai.
Free tier	Codex Sites is Business/Enterprise only; Artifacts publishing needs Team/Enterprise; Pages is free but public.	Yes, free tier, with an anonymous first publish for 24 hours.
Self-host / own the stack	All are vendor-hosted. Export is not documented for Codex Sites or Artifacts.	Yes, source-available on your own Cloudflare (Workers, R2, D1).
Built for one-off agent artifacts	Public hosts are project-shaped; walled options are org-tool-shaped.	Yes, one MCP call publishes or replaces a single HTML file.

FAQ

Frequent questions

What is private HTML hosting? +

A static-HTML hosting service where the URL is not publicly discoverable by default. The simplest form is an unguessable URL (the link itself is the credential). Stronger forms layer on shared passwords, email-domain verification, IP allow-lists, or end-to-end encryption.

Why does it matter in 2026? +

AI agents now emit enormous quantities of one-off HTML: specs, reports, status pages, internal tools, code-review summaries. Most of it contains real data: API responses, customer rows, prompt context. Public-by-default hosting (GitHub Pages, Netlify free tiers, Pastebin) leaks that data; per-link private hosting is the correct default for agent output.

What is the difference between unlisted and private? +

Unlisted = unguessable URL, no auth check on view (the link IS the credential). Private = unlisted + an additional check (password, email domain, IP, SSO). Stacktree supports both; "private by default" on Stacktree means unlisted is the floor, and you can add auth gates per link.

How does private HTML hosting interact with AI search crawlers? +

Unguessable URLs aren't discoverable, so crawlers don't find them. Stacktree additionally serves X-Robots-Tag: noai, noimageai on every site so that even if a URL leaks, AI training crawlers know to skip it. The marketing site itself is intentionally indexable.

Is end-to-end encryption available? +

Yes. With e2e: true on upload, the browser encrypts with AES-GCM before sending. The decryption key lives in the URL fragment (which the server never sees), so Stacktree only stores ciphertext.

How does private HTML hosting compare to GitHub Pages, Vercel, or Netlify? +

Those products are excellent at deploying public web apps. They treat private access as a paid bolt-on, gated through Git accounts or org membership. Stacktree starts from "the URL is private" and works backwards from there, which is useful when the unit of work is one HTML file, not a project.

How do I privately share an HTML report or dashboard my AI agent generated? +

Have the agent publish the HTML to a private host instead of writing a local file or pushing to a public site. On Stacktree the agent calls one MCP tool, gets back an unguessable URL, and you send that link. The recipient opens it with no account. For sensitive contents, add a shared password or an email-domain gate so only verified viewers can render the page.

Can someone view a private HTML page without signing in or having a seat? +

With an unguessable-URL host, yes: the link itself is the credential, so anyone you send it to can open the page with no account. This is the difference from Codex Sites (needs an OpenAI workspace seat) and Claude Artifacts (needs a Claude org seat), where the viewer must already be inside your organisation. Add a password or email-domain gate when you want a second check on top of the link.

Is private HTML hosting free? +

It can be. Stacktree has a free tier with unguessable private URLs and an anonymous first publish that lasts 24 hours with no account. Paid plans ($8 and $19 per month, flat, never per-seat) add custom domains, longer retention, and higher limits. By contrast, private hosting on GitHub Pages needs Enterprise, and Codex Sites and Artifacts publishing sit behind Business/Team/Enterprise plans.

Keep reading

Related guides

References

Sources and further reading

Try private-by-default HTML hosting.

Free tier, unguessable URL, MCP-native. No card required.