HTML Form Validator — free online tool.
Paste any HTML <form> snippet (or a full HTML page) and get a categorized report: correctness, accessibility, spam resistance, and best-practice checks — plus a fixed version you can copy. Runs entirely in your browser. Nothing is uploaded, nothing is logged.
What this tool checks
Four categories, weighted toward correctness because a form that doesn't submit is worse than a form that submits inelegantly.
- 40 points
Correctness
Form has an action. Method is POST. Every input has a name. A submit button exists. No duplicate name values. Opening and closing tags balance. The structural rules that determine whether the form actually submits the data you expect to your backend.
- 30 points
Accessibility (a11y)
Every input has an associated <label> or aria-label. Required fields use the required attribute. The form has an accessible name. Common fields (email, name, tel) declare autocomplete. Submit buttons have visible text. Inline styles avoid obvious low-contrast pairings.
- 20 points
Spam resistance
Honeypot field present (hidden input bots auto-fill but humans skip). CAPTCHA / Turnstile / hCaptcha markers detected when present. Form posts to a real server endpoint, not mailto: — mailto: forms have zero spam filtering and leak your email address into your HTML.
- 10 points
Best practices
Email inputs use type="email". Phone inputs use type="tel" with inputmode="tel" so mobile shows the dial pad. Long-text fields are <textarea>, not <input>. Form has a unique id for analytics. File inputs declare an accept attribute.
Form validator FAQ
What does this HTML form validator actually check?
Four categories of checks. Correctness covers structural fundamentals: action attribute, method="POST", every input has a name, a submit button exists, no duplicate names, balanced opening/closing tags. Accessibility covers labels (every input must have a <label> or aria-label), required-attribute usage, an accessible form name, autocomplete on common fields (email, name, tel), submit-button text, and a low-contrast warning for inline styles. Spam resistance looks for a honeypot field, optional CAPTCHA markers, and whether the form posts to a real backend (not mailto:). Best practices verify type="email", type="tel" with inputmode, <textarea> for long text, a unique form id, and accept attributes on file inputs.
Is my form code stored or sent anywhere?
No. The validator runs entirely in your browser. We use the built-in DOMParser to read the HTML you paste — nothing is uploaded, logged, or sent to any server. You can disconnect from the internet after the page loads and the tool keeps working. Open DevTools and watch the Network tab if you want to confirm: there's no request when you paste or edit your form.
How is the form score calculated?
Each category contributes a weighted slice of 100. Correctness is worth 40 points, accessibility is worth 30, spam resistance is worth 20, and best practices are worth 10. Within a category, every check is equally weighted: a pass earns full credit, a warn earns half credit, and a fail earns nothing. A score above 80 is a healthy form. 50–79 is a usable form with avoidable problems. Below 50 means the form will lose submissions, leak spam, or trip accessibility audits.
What is a honeypot field and why do I need one?
A honeypot is a hidden form field that real users never see and never fill in. Bots that auto-fill every input fill it, and your backend drops any submission where the value is non-empty. It's free, fast, and catches the dumb 40% of contact-form spam at zero cost. The standard pattern is an <input type="text" name="botcheck" tabindex="-1" autocomplete="off" style="position:absolute;left:-9999px">. The validator looks for inputs whose name matches common honeypot conventions (botcheck, _gotcha, honey, trap) combined with hidden styling. splitforms processes the honeypot automatically — you just include the field in your HTML.
Why use a form backend instead of mailto: links?
Mailto: forms are unreliable, leak your email address into your HTML, depend on the visitor having a configured mail client, and have zero spam filtering. Roughly half the visitors on a typical contact page never complete a mailto: submission — clicking the button opens a desktop mail app they don't use. A form backend (splitforms, Formspree, Netlify Forms, your own server) accepts a POST, stores or forwards the submission, and applies spam filtering before anything reaches your inbox. splitforms is free for 1,000 submissions per month with honeypot + AI-classifier spam protection on every plan.
Can the validator fix my form automatically?
It generates a suggested fixed version of the form with the safe auto-fixes applied — missing method/action, honeypot field, autocomplete on common fields, correct types for email/phone, an accessible form name, and a stable form id. The fixed version is shown in a copy block. Manual decisions (which fields to make required, label wording, custom styling) are left to you because there's no safe default. The validator never modifies the original markup — only renders a regenerated alternative.
Does the validator work for forms inside frameworks (React, Next.js, Vue)?
Yes — paste the rendered HTML, not the JSX. React/Vue components compile down to HTML, and that's what the validator parses. The easiest workflow is to load your form in a browser, right-click the <form> element, choose 'Copy outerHTML' (Chrome DevTools), and paste here. The validator does not parse JSX, template literals, or framework-specific syntax — it parses plain HTML.
Is this related to splitforms?
Yes — splitforms.com is a form-backend SaaS for developers, and the validator is one of several free dev tools we ship to demonstrate the kind of checks our backend applies on every live submission. The tool itself is completely free with no signup, no rate limit, and no watermark. If you need a real form backend after running the validator, splitforms is free for 1,000 submissions per month with honeypot, heuristic, and AI-classifier spam handling included.
Ship a clean form. Skip the spam triage.
splitforms is a free form backend for developers — point any HTML form's action at our endpoint, get submissions in your inbox with honeypot + AI spam filtering, webhooks, and a real dashboard. 1,000 submissions per month, free forever.
Try splitforms free →