.woff

Web Open Font Format

WOFF (Web Open Font Format) packages OpenType or TrueType font data with zlib compression for efficient delivery over the web.

Learn more ↓

Font structure

Header table directory

Tables glyf · cmap

Outlines glyph paths

woff2010Open

By FileDex

Not convertible

Web font compression format. Font conversion requires glyph processing not available in browser WASM.

Common questions

How do I open and inspect a WOFF file?

Use FontForge or the online tool wakamaifondue.com to open and examine WOFF contents. FontForge can import WOFF directly and display all glyph outlines, metrics, and metadata tables. You can also convert WOFF to TTF/OTF within FontForge for inspection with other font editors.

What is the difference between WOFF and WOFF2?

WOFF uses zlib compression while WOFF2 uses Brotli, which typically compresses 20-30% smaller. WOFF2 also applies preprocessing transforms to TrueType glyph tables before compression. Both formats wrap the same underlying OpenType/TrueType data and all modern browsers support both.

Can I use WOFF files outside a web browser?

Desktop applications generally cannot load WOFF directly since it is designed for web delivery. You need to decompress it back to TTF or OTF first using tools like woff2sfnt or FontForge. The resulting file is identical to the original font and can be installed system-wide.

Why does my WOFF file fail to load in the browser?

The most common cause is an incorrect MIME type on the server response. WOFF requires `font/woff` and WOFF2 requires `font/woff2`. CORS headers must also allow the font origin if it differs from the page origin, since browsers enforce cross-origin restrictions on font resources.

What makes .WOFF special

Web Open Font Format files wrap existing OpenType or TrueType fonts in a compressed container purpose-built for HTTP transfer. WOFF applies zlib compression to individual OpenType/TrueType tables rather than to the file as a whole, achieving approximately 40% average reduction while allowing browsers to decompress only the tables they need for initial rendering. This per-table strategy means a browser rendering a Latin-only page can skip decompressing CJK glyph tables entirely.

Continue reading — full technical deep dive

Binary Layout

Every WOFF file begins with the magic bytes 77 4F 46 46 (ASCII "wOFF"). The 44-byte header that follows records the font flavor (matching the original sfnt version), total file length, number of tables, and the totalSfntSize field indicating the uncompressed font size. After the header, a table directory lists each font table with its original and compressed lengths, offsets, and checksums. Browsers use this directory to seek directly to required tables.

WOFF2 and Brotli

The successor format, WOFF2, replaces zlib with Brotli compression and changes the magic bytes to 77 4F 46 32 ("wOF2"). Brotli typically achieves 20-30% better compression than zlib on font data. WOFF2 also introduces table transforms that preprocess glyf and loca tables before compression, squeezing additional bytes out of TrueType outlines. All modern browsers support both versions.

Serving and CSS Integration

Servers must return WOFF files with the MIME type font/woff (or font/woff2 for the newer variant). In CSS, authors reference WOFF through @font-face declarations, specifying format('woff') or format('woff2') in the src descriptor. Browsers that recognize the format string skip downloading alternatives listed later in the cascade. A well-ordered @font-face rule lists WOFF2 first, WOFF second, and a raw TTF/OTF last as fallback.

Ecosystem Adoption

Font distributors like Google Fonts serve WOFF2 by default and fall back to WOFF for older clients. Type foundries ship WOFF packages as the standard web license deliverable. Tools such as woff2_compress and sfnt2woff handle conversion between raw OpenType and the compressed web formats, preserving all original hinting and metadata tables.

Technical reference

Specs CLI Security

MIME Type: font/woff
Magic Bytes: 77 4F 46 46 wOFF signature.
Developer: World Wide Web Consortium (W3C)
Year Introduced: 2010
Open Standard: Yes — View specification

00000000774F4646 wOFF

wOFF signature.

Binary Structure

A 44-byte header starting with magic bytes 77 4F 46 46, followed by a table directory that maps each OpenType/TrueType table to its compressed offset and length, then the zlib-compressed table data blocks in sequence.

Inspect WOFF header fields other

python3 -c "import struct, sys; d=open(sys.argv[1],'rb').read(); h=struct.unpack('>4sIIHHIIHHII',d[:44]); print(f'Magic: {h[0]}  Flavor: {h[1]:#010x}  Tables: {h[3]}  Size: {h[2]}  SfntSize: {h[5]}')" font.woff

Reads the first 44 bytes and unpacks the WOFF header according to the spec's big-endian layout. Displays the magic signature, font flavor, table count, file size, and original sfnt size.

LOW

Attack Vectors

Malformed table directory entries could trigger out-of-bounds reads in font parsers
Crafted zlib streams targeting decompression bombs (small compressed size, huge original size claim)

Mitigation: FileDex does not parse, render, or execute these files. Reference page only.