JWT Decoder
Decode and inspect the header and payload of a JSON Web Token.
The signature is not verified. Decoding happens entirely in your browser — never paste production secrets you do not trust this device with.
Header
—
Payload
—
Formula & methodology
The dot-separated segments are Base64URL-decoded and parsed as JSON. The signature segment is not validated.
Frequently asked questions
Does it verify the signature?
No. It only decodes for inspection. Never trust a token based on decoded contents alone.
Is it safe to paste tokens?
Decoding is local, but avoid pasting production secrets on shared devices.
Privacy
All processing happens locally in your browser. Your data is never uploaded.
Disclaimer: The signature is not verified; do not use this tool to authenticate tokens.