Comment Syntax
<!-- This is an HTML comment β the browser ignores everything here -->
<!-- Single line comment -->
<!--
Multi-line comment.
Everything inside is ignored by the browser.
Useful for longer explanations.
-->
<p>This paragraph is visible.</p>
<!-- <p>This paragraph is commented out β not rendered.</p> -->
<p>This paragraph is also visible.</p>
Anyone can view your HTML comments by pressing Ctrl+U (View Source) or using browser DevTools. Never put passwords, API keys, internal notes about bugs, or sensitive business information in HTML comments β they are publicly visible.
When to Use Comments
<!-- ===================== HEADER ===================== -->
<header class="site-header">
<nav>...</nav>
</header>
<!-- =================== END HEADER =================== -->
<!-- ====================== HERO ====================== -->
<section class="hero">
...
</section>
<!-- TODO: Replace placeholder image with final product photo -->
<img src="placeholder.jpg" alt="Product photo coming soon">
<!-- NOTE: This div is needed for the JavaScript slider to work.
Do not remove even though it appears empty. -->
<div id="slider-container"></div>
<!-- Temporarily disabled β A/B testing in progress
<div class="old-banner">
<p>Old promotional message</p>
</div>
-->
Comment Shortcuts
In VS Code, select code and press Ctrl+/ (Windows/Linux) or Cmd+/ (Mac) to toggle HTML comments on/off. This is the fastest way to comment out sections during debugging.
HTML Comments: Visible to Anyone Who Views Source
An HTML comment is <!-- ... -->. The browser ignores it, but β unlike server-side code β it's shipped to the user and visible in "View Source." That has a real consequence.
<!-- Navigation -->
<nav>...</nav>
<!-- β NEVER do this β the whole world can read it -->
<!-- TODO: temp admin password is hunter2 -->
| Do | Don't |
|---|---|
| label sections | leave sensitive notes |
| temporarily disable markup | rely on them being private |
The security point: HTML comments travel to the browser and are trivially readable by anyone (right-click β View Source). Never put passwords, internal URLs, API keys, or "TODO: security hole here" notes in them. Handy uses: labeling major sections for other developers, and temporarily "commenting out" a block of markup while debugging (<!-- <div>...</div> -->). Gotcha: you can't nest comments β a --> inside ends the whole comment early. Note: comments add bytes to every page load, so production build tools often strip them; keep them in your source for clarity, but don't rely on them for anything the user shouldn't see.
ποΈ Practical Exercise
- Add a comment above your
<h1>explaining what the page is for. - Comment out a whole paragraph so it stops showing in the browser, then open View Source to confirm it is still in the HTML.
- Write a multi-line comment describing a section of your page.
- Use a comment to leave a
TODOnote for a feature you will add later. - Open DevTools and confirm your comments appear in the page source.
π₯ Challenge Exercise
Build a small page with three regions (header, content, footer). Add a descriptive comment before each region. Then temporarily disable the footer using a comment without deleting it, reload, and re-enable it. In a final comment, explain why comments are useful for debugging.
π Summary
- Syntax:
<!-- comment text -->β everything inside is ignored by the browser. - Comments are publicly visible in page source β never put sensitive data in them.
- Good uses: section dividers, TODO notes, explaining non-obvious structure, temporarily disabling code.
- VS Code shortcut: Ctrl+/ to toggle comments on selected HTML.
Interview Questions
- What is the syntax for an HTML comment?
- Are HTML comments visible to website visitors?
- Can HTML comments be nested inside each other?
- Why should you avoid putting sensitive information in HTML comments?
- How are comments useful when debugging a broken layout?
Related Topics
FAQ
Negligibly. A comment adds a few bytes and the parser simply skips it. For production, build tools often strip comments to trim file size, but the performance impact is tiny either way.
No. Anyone can open View Source or DevTools and read commented-out HTML. Never store passwords, API keys, or private notes in comments.

