JWT Decoder

Decode a JWT's header and payload and inspect its claims. Signature is not verified.

Frequently asked questions

Does this verify the JWT signature?

No. This only decodes the header and payload, which are base64url-encoded but not encrypted — anyone can read them without a key. Signature verification requires the secret or public key and isn't performed here.

Is my token sent anywhere?

No — decoding happens entirely in your browser. That said, treat real tokens as sensitive and avoid pasting production tokens into any third-party tool you don't fully trust.