Cryptographically secure keys and tokens. Hex, Base64, Base64URL or alphanumeric, any length.
Yes. Every byte comes from the browser's crypto.getRandomValues(), the same secure generator used for cryptographic keys, not the predictable Math.random().
Hex and Base64URL are the most common for API keys and tokens because they are URL-safe and copy cleanly. Alphanumeric avoids symbols entirely if a system rejects them.
No. Keys are generated locally in your browser and never transmitted, so they are safe to use as real secrets.