JWT Decoder
Paste a JSON Web Token to instantly see its decoded header and payload — decoded entirely in your browser, your token is never sent anywhere.
Frequently Asked Questions
Is my token sent to a server?
No. Decoding happens entirely client-side in your browser using standard Base64URL decoding — your token is never transmitted anywhere.
Does this verify the token's signature?
No — this tool only decodes the header and payload for inspection. It does not verify the signature, since that requires the secret or public key, which should never be pasted into a third-party website.
Why do I only see two sections instead of three?
A JWT has three parts (header, payload, signature) separated by dots, but the signature is a raw cryptographic value, not JSON — so only the header and payload are decoded and shown here.
Explore CodeSpeedTest