If you've ever made a single HTML file (a deck, a proposal, an AI-generated demo) and tried to send it to one specific person, you've probably hit the same wall. The hosting tool gives you a URL, the URL works, and then you realize the URL is public to anyone who has the link.
A pattern shows up regularly in the Vercel community forum (Vercel is a hosting platform popular with founders shipping AI-generated apps, especially through its v0 AI website builder). A founder builds a private v0 project, gets the preview link, opens it, and realizes the link is public to anyone who has the URL:
"After the website creation is finished we get a preview link. But after cross checking its totally a public link. I am working on a private project and I really don't want anyone to access the website until I go to production. Can I make the link private?"
Multiple threads in 2025 ask variations of the same question. "URGENT: Request to Disable v0 Preview URLs." "How do I make sure my work isn't public?" "Can a deployed website only be visible to me?"
These aren't developers asking. Developers know about basic auth and vercel.json config. These are founders, designers, marketers, and sales engineers generating apps and decks with v0, Claude, Lovable, and Bolt, then realizing the link they planned to send to one investor or one client is also visible to anyone with the URL.
That's the gap this post is about.
What you actually need (and why "host static HTML" doesn't cover it)
If you search "host html file" you'll land on tiiny.host, EdgeOne Makers Drop, PageDrop, Static.app, host-html.com, and a dozen landing pages that all promise the same thing: drag an HTML file, get a public URL. Done.
But "host" and "share" are different problems.
Hosting: make the file accessible at a URL. Every tool on this list does this. Most do it for free.
Sharing: decide who can see it, know who actually saw it, control what happens when they forward the link. Most of these tools don't do this at all. A few do it badly. One or two do it well.
If all you need is hosting (you're a developer with a GitHub account and you want to ship a portfolio page), this isn't the post you need. Use GitHub Pages or Cloudflare Pages. They're free, fast, and you'll be done in five minutes.
This post is for the other use cases:
- A founder emailing a v0 demo to three investors and wanting to know who actually opened it.
- A designer sending a Claude-generated artifact to a client without making it public.
- A sales engineer sharing a custom HTML mockup with a prospect and learning if the prospect's whole buying committee is now looking at it.
- An agency presenting an interactive proposal page that needs a password and a "this link expires in 14 days."
For all of those, the tool you pick has to handle three things: the upload, the access, and the after-the-fact intelligence about who actually viewed what.
Here's how the eight common options compare.
The 8 tools, at a glance
| Tool | Upload | Free tier | Paid entry | Password | Email validation | Per-viewer analytics | Single file? | AI artifact (Claude/v0/Lovable) |
|---|---|---|---|---|---|---|---|---|
| GitHub Pages | Git repo | Unlimited public | $4/seat (Pro, for private) | No native | No | No | Repo required | Static HTML only, no JSX |
| Vercel | Git / CLI | Free Hobby (non-commercial only) | $20/seat (Pro) | Pro tier | No | No (aggregate only) | Repo / CLI | v0 native; CSP varies |
| Netlify Drop | Drag-and-drop | 100 GB / mo, 300 build min | $19 Personal / $20/mo Pro flat | Paid tiers | Forms only | No | Yes, single HTML supported | HTML yes, no JSX runtime |
| Cloudflare Pages | Git / direct upload | Unlimited bandwidth | $5/mo | Via Cloudflare Access | No | No | Yes via upload | Static yes; you configure CSP |
| Surge.sh | CLI only | Unlimited projects | $30/mo Pro | Pro tier | No | No | Directory deploy | Static yes; no runtime help |
| Render Static Sites | Git only | Free static | $0 hosting; $19/seat workspace | No native | No | No | Repo required | Static yes |
| tiiny.host | Drag-and-drop | 1 site, ~3 MB, branding | $9 Tiny / $18 Solo / $38 Pro / $89 Pro Max | $18 Solo tier | $38 Pro tier | No (aggregate) | Yes | Chrome extension for AI tools; no JSX runtime |
| HummingDeck | Web UI upload | 5 docs, 1 data room, document-level engagement, bot filtering | $10/mo Starter / $25/seat Pro / $40/seat Business | Secure sharing via email validation (not static password) | Yes | Yes, per-viewer, per-page | Yes (HTML, PDF, PPT) | Yes, sandbox + tracking script handles Claude/v0/Lovable |
A few notes before the breakdowns:
- "Single file" means what it says. Some of these tools require you to wrap your one HTML file in a repo, a folder, or a CLI command. If you can't drag the file into a browser tab, it fails this column.
- "Per-viewer analytics" is not Google Analytics. Aggregate pageviews ("42 views from France") don't help you when you want to know if the specific investor you sent the deck to has opened it yet. HummingDeck is the only tool on this list that surfaces per-viewer/per-page data inside the product itself.
- AI artifact handling has two layers: serving the file correctly (CSP, sandboxing) and handling JSX/React from Claude or v0 without manual ZIP wrapping. Only a few tools do either; one does both.
GitHub Pages
Free. Unlimited public sites. Custom domain with auto-HTTPS. The default answer for any developer who already has a GitHub account.
Two catches that matter for this audience:
- It's not a single-file workflow. Your one HTML file needs to live in a repo with
index.html, you commit, you push, you wait for the build. If you don't already use git, that's a non-trivial onboarding. - Commercial / SaaS use is against ToS. Many people don't realize this. GitHub's Acceptable Use Policy states that "GitHub Pages is not intended for or allowed to be used as a free web hosting service to run your online business, e-commerce site, or any other website that is primarily directed at either facilitating commercial transactions or providing commercial software as a service (SaaS)." Portfolios and personal demos are fine. Sales assets where the page itself facilitates the sale are not.
No password protection on the free tier. GitHub Pro ($4/user/mo) gets you private Pages.
No analytics. You'd add Google Analytics or Plausible yourself.
Use it if: you're a developer, the content is public, and you want zero cost. Otherwise skip.
Vercel
The default platform for the v0 / Next.js / React ecosystem. Free Hobby tier is generous on bandwidth (100 GB/mo) and edge requests (1M).
The trap most people hit: the free Hobby tier prohibits commercial use. Vercel's terms of service state plainly: "You shall only use the Services under a Hobby plan for your personal or non-commercial use." If you're sending a v0 demo to a prospect, that's commercial use, and Vercel reserves the right to disable the deployment. The Pro tier ($20/user/mo) is the lowest commercially-licensed option.
Password protection is also a Pro feature. Cheaper plans don't get it.
Vercel Analytics is aggregate, not per-viewer. You see country, device, total views, but you don't see "this prospect opened the link three times yesterday." For most v0 use cases that's a gap you'll feel quickly.
Use it if: you're shipping production React/Next.js apps, you're paying Pro anyway, and you don't need per-viewer tracking. For one-off AI demos, the licensing and the missing tracking make it the wrong tool.
Netlify Drop
The closest thing to "drag an HTML file, get a URL" from a serious infrastructure company. Netlify Drop accepts a folder, a zip, or a single HTML file. No account required for the initial deploy, though you'll want to claim it within a few days.
Free tier: 100 GB bandwidth, 300 build minutes per month.
As of April 14, 2026, Netlify moved its Pro tier to a flat $20/month with unlimited team members (source: Netlify blog, "The end of seats"). Before this change, Pro was $20 per seat. The flat-rate change applies to Credit-based Pro plans; legacy seat-based Pro accounts created before September 4, 2025 stay on the legacy plan unless migrated manually.
Where Netlify Drop falls short for this audience:
- Site-level password protection is gated to paid tiers.
- Netlify Forms catches form submissions; it isn't per-viewer email validation before page access.
- Analytics is aggregate.
Use it if: you want the fastest free drag-and-drop experience and you don't need per-viewer intelligence on who opened the link. Best free option in this category.
Cloudflare Pages
Cloudflare's free tier is hard to beat on the infrastructure side: unlimited bandwidth, unlimited requests, free custom domain with SSL, free Cloudflare CDN underneath.
What it isn't: a single-file drag-and-drop UI optimized for non-developers. Direct upload exists, but the workflow is still tilted toward devs deploying from wrangler or git.
Password protection requires Cloudflare Access, which has a free tier (up to 50 seats) and isn't a simple per-page password. It's a zero-trust auth proxy that you configure with identity providers and policies.
No native per-viewer analytics. You'd add a script.
Use it if: you're a developer, you expect significant traffic, and free unlimited bandwidth matters. Less useful for one-off sales decks.
Surge.sh
CLI tool. Run npm install -g surge, then surge in your project directory. Free tier is unlimited projects with custom domains and basic SSL.
The CLI-only workflow rules it out for the non-developer audience. If your day doesn't involve npm, this isn't your tool.
Surge Professional is $30/month. That gets you password protection, custom SSL, force HTTP-to-HTTPS, CORS, and custom redirects.
Use it if: you're a frontend developer who prefers terminal over web UIs and you want minimal infrastructure overhead.
Render Static Sites
Like Vercel and Cloudflare Pages, Render is a developer-focused platform. Static sites are free; the $7/mo "Starter" is a per-service compute charge, not a seat charge. The team/workspace fee ($19/user/mo Professional) is separate.
Git repo required, no drag-and-drop. No native password protection on static. No per-viewer analytics.
Use it if: you're already on Render for a backend service and you want your static frontend in the same workspace.
tiiny.host
This is the head-to-head competitor for most readers of this post. tiiny.host is one of the most prominent "drag an HTML file, get a URL" tools on the market.
Pricing (verified against their public plans):
| Plan | Monthly | Annual (effective monthly) |
|---|---|---|
| Free | $0 | n/a |
| Tiny | $9 | $5 |
| Solo | $18 | $13 |
| Pro | $38 | $31 |
| Pro Max | $89 | $74 |
What works:
- True drag-and-drop UI. The fastest "HTML file to URL" path on this list.
- A Chrome extension launched November 26, 2025 deploys directly from ChatGPT, Claude, Gemini, Grok, and DeepSeek conversations. It closes the "I have a Claude artifact, now what?" workflow gap in two clicks.
- Solo tier ($18/$13) unlocks custom domain and password protection.
- Pro tier ($38/$31) adds email capture.
Where it gets thin:
No per-viewer analytics. tiiny.host shows aggregate visit counts ("42 views from France"), not "clienta@example.com viewed it twice last Tuesday for 4 minutes." For B2B use cases (knowing whether the specific prospect you sent the link to is engaged), aggregate analytics don't help.
No JSX/React runtime. This is becoming the most-cited gap. Claude artifacts and v0 outputs are increasingly JSX-based single files. tiiny.host can host them as a manual ZIP if you wrap them yourself, but it doesn't auto-detect and wrap JSX with a runtime. A direct competitor, OneClickLive, explicitly markets this as their differentiator.
Restrictive free tier. The free plan caps file size at roughly 3 MB and limits you to a single site. Multiple third-party reviews describe the free tier as designed to push users to paid quickly: after a period of inactivity, sites are placed in a "preview" mode that limits availability. Treat the free tier as a trial, not durable hosting.
No inline re-edit. Every revision is a re-upload.
Use it if: you need the fastest HTML-to-URL drag-and-drop, you're hosting plain HTML (not JSX), and you mostly need aggregate visit counts rather than per-prospect intelligence.
HummingDeck
Disclosure: this is our product. We'll explain the tradeoffs honestly.
HummingDeck started as a tool for sharing sales decks and pitch decks with tracking. The underlying infrastructure (upload a file, get a tracked share link, see who opened which page) turned out to be exactly what people need for any single-file HTML artifact, whether it's a deck, a v0 demo, a Claude artifact, or a client mockup.
What HummingDeck adds on top of hosting is secure sharing: knowing who can see the file, who actually did, and what they did with it.
What we do that others on this list don't:
- Per-viewer, per-page tracking. You see which specific recipient opened the link, what they clicked, how long they stayed on each page or slide, and whether they came back. Not "37 views from the United States" but "paula@acmecorp.com viewed the proposal, spent 4 min on the pricing section, didn't open the contract page."
- Restricted sharing via email validation. Instead of a static password (which gets shared along with the link), each viewer validates their email before access. The viewer enters their address, receives a one-time code, and only then gets in. Three things follow: you capture exactly who opened it, you can revoke access per recipient without breaking the link for everyone else, and forwarding gets caught because the new viewer also has to validate. Compare that to a password, which silently travels with the link wherever it gets forwarded.
- Forwarding inference. When one link gets opened from three different cities in 20 minutes, that's a buying committee circulating it. We surface that signal explicitly.
- Bot filtering. AI crawlers, SaaS bots, and headless browsers are a real portion of share-link traffic. We filter them so your "viewed" count reflects humans, not GPTBot.
- AI artifact runtime. Claude artifacts (HTML + JSX + injected CSS), v0 exports, Lovable apps, Bolt outputs. These run unchanged inside our viewer. We handle the CSP, the sandboxing, and the script injection that breaks on most platforms.
- Multi-document bundles. A single tracked HTML file is the entry point. For B2B work, the same engine extends to Deal Rooms (deck + pricing + case study + Loom under one branded URL for sales) and Data Rooms (deck + financial model + cap table + diligence PDFs for fundraising).
Free tier gives you 5 documents, 1 data room, document-level engagement view (who opened it, total time, page coverage), and bot filtering. Historical per-page analytics with retention (30 days on Starter, 90 days on Pro, unlimited on Business) starts at $10/mo.
What we don't do well:
- Not unlimited free. Free covers 5 documents and 1 data room. Heavy users hit paid pricing fast. If you're hosting ten HTML files for hobbyist sharing, tiiny.host or Netlify Drop is cheaper.
- Not the fastest CDN on the planet. Cloudflare Pages will load faster on the millisecond margin. For a tracked share link, the latency cost doesn't matter; for a public marketing site, it might.
- No static password (intentional). We use email validation instead. Passwords get shared along with the link, which defeats the access control. If you specifically need a single static password (a team password for an internal page, for example), a static-password host like Surge or tiiny.host fits that narrow case better.
- Custom domain on share links is Business-tier only ($40/seat). Starter and Pro use HummingDeck-hosted subdomains. If white-label share URLs are non-negotiable from day one, factor in the Business tier.
- Not designed for public indexable pages. HummingDeck links are private-by-default. If you want a URL that Google can index, a public marketing site is the wrong job for us.
Use it if: you're sending HTML/PDF/PPT files to specific people whose identity, engagement depth, and forwarding behavior you care about. The B2B use case (sales, fundraising, agency proposals, customer-facing demos) is what HummingDeck is built for.
The hidden axis: who actually viewed it
The pattern in the table above: most "host html" tools answer the upload question. Few answer the access question. Almost none answer the intelligence question.
For a v0 portfolio piece you're showing the world, you don't care. Throw it on GitHub Pages.
For a Claude-generated proposal you're sending to one client, the intelligence question is the entire reason you're sharing it:
- Did they open it?
- Which pages did they read?
- Did they come back?
- Did they forward it?
- Who else is now looking?
Make this question the deciding factor when picking your tool. If your use case needs answers, the shortlist collapses fast. HummingDeck is the only tool on this list that gives them. Two competitors not on this list, LiveSend and OneClickLive, also offer some per-viewer tracking in this niche and are worth evaluating if HummingDeck's pricing or feature mix doesn't fit.
The AI artifact problem
There's a separate problem worth flagging: AI tools are producing increasingly complex single-file artifacts. Claude's artifacts now routinely combine HTML, JSX, and Tailwind in one file. v0 exports are React. Lovable apps include client-side state and remote API calls.
Most static hosts serve the file as raw HTML and break the JSX. Some platforms (Claude's own publish feature, OpenAI's canvas share) run the artifact in a hardened sandbox that strips features.
The practitioner blogger Simon Willison wrote about this on December 10, 2025. He's built more than 150 single-file HTML tools with LLMs and recommends against hosting them on the LLM platform's built-in share feature because those platforms run hosted tools in tight sandboxes with restrictions that often break loading external data or images. His default recommendation is a free GitHub Pages repo, treating the single-file HTML format as the unit of distribution.
If the tool you're considering doesn't explicitly handle JSX wrapping, CSP for inline scripts, or sandbox isolation, and your artifact has any non-trivial interactivity, test before committing.
The tools that explicitly handle this layer today:
- HummingDeck (CSP/sandboxing runtime, full JSX rendering inside a tracked link)
- OneClickLive (auto-detects React/JSX, wraps with Babel-in-browser, deploys to Cloudflare edge)
- Vercel (if you're shipping the artifact as a Next.js project, not a single file)
The tools that don't:
- GitHub Pages, Cloudflare Pages, Netlify Drop, Render, Surge serve raw HTML/JS, no JSX wrapping.
- tiiny.host requires manual ZIP for JSX.
What to pick
A short decision matrix:
| If you're | Pick |
|---|---|
| A developer with a portfolio HTML file | GitHub Pages |
| A developer shipping production React | Vercel Pro or Cloudflare Pages |
| Sharing an HTML demo with a few people for free, one-off | Netlify Drop |
| Sharing HTML/PDF/decks to specific prospects and you need to know who opened what | HummingDeck |
| Sharing AI-generated artifacts with verified-viewer access (instead of a shared password) | HummingDeck (email validation) |
| Sharing JSX/React artifacts from Claude or v0 without manual wrapping | HummingDeck or OneClickLive |
| Sharing a deck + pricing + case study to one buying committee | HummingDeck Deal Room |
| Sharing fundraising materials with multiple investor partners | HummingDeck Data Room |
| Hosting a public internal page behind a single static team password | Surge Pro or tiiny.host Solo |
| Avoiding any paid tool and you have git skills | Cloudflare Pages |
Hosting is half the job
Once your HTML file is live, share it as a tracked link with HummingDeck. You'll see which page each recipient read, when they came back, and who they forwarded the link to.
FAQ
Can I host a single HTML file for free?
Yes. Netlify Drop accepts a single HTML file with no account, GitHub Pages is free if you have a GitHub repo, and Cloudflare Pages and Render both offer free static hosting. tiiny.host and HummingDeck offer free tiers with limits. The honest tradeoff: free hosting gives you a URL but rarely gives you password protection, per-viewer analytics, or commercial-use licensing.
What's the best tiiny.host alternative?
Depends on which tiiny.host limit you're hitting. If it's the 3 MB free-tier cap, Netlify Drop or Cloudflare Pages handle larger files for free. If it's the lack of per-viewer analytics, HummingDeck is the closest functional replacement. If it's the JSX/React handling, OneClickLive or HummingDeck handle Claude artifacts and v0 outputs directly.
How do I share an AI-generated HTML page (Claude, v0, Lovable) privately with a client?
The Vercel preview link is public by default. Claude's "Publish" feature gives a public URL with no analytics, and team/enterprise Claude accounts cannot publish artifacts publicly at all. The cleanest path is to upload to HummingDeck and turn on email validation, so each viewer verifies their address before they get access and you see who actually opened what. For a self-hosted alternative, Cloudflare Pages behind Cloudflare Access works if you're comfortable configuring identity policies. See the Claude artifact walkthrough for the HD path.
Does GitHub Pages allow commercial use?
Not for the page itself. GitHub's Acceptable Use Policy says Pages is "not intended for or allowed to be used as a free web hosting service to run your online business, e-commerce site, or any other website that is primarily directed at either facilitating commercial transactions or providing commercial software as a service (SaaS)." A portfolio for someone working at a company is fine. A sales asset that closes the deal on the page itself is against terms. Vercel's free Hobby tier has the same constraint for "commercial activity."
Can I track who viewed a static HTML file?
Not on most of these tools. GitHub Pages, Cloudflare Pages, Netlify Drop, Render, and Surge give you no native analytics. Vercel and tiiny.host show aggregate visits, not per-viewer identity. HummingDeck and specialist competitors (LiveSend, OneClickLive) give you per-viewer, per-page tracking, surfacing who specifically opened it, what they read, and whether they forwarded it.
What about React or JSX from Claude artifacts?
Most static hosts serve raw HTML/JS and won't render JSX without a build step. Claude artifacts combining HTML + JSX + Tailwind in a single file are a common breakage point. The tools that handle JSX in a single file without manual wrapping are HummingDeck and OneClickLive. tiiny.host requires you to wrap the artifact as a ZIP yourself; Vercel handles it if you treat the output as a Next.js project rather than a single HTML file.
Related:
- How to Share a Claude Design Artifact (HTML Deck) and Track Per-Slide Engagement: the sibling guide for the Claude artifact path specifically.
- Figma Slides Tracking in 2026: Native Share, Pitchdeck, and HummingDeck Compared: the equivalent comparison for Figma Slides, not HTML.
- HummingDeck for sales | Deal Rooms | Data Rooms | Pricing