JWT Decoder
Decode any JSON Web Token — header, payload, signature — in your browser.
- No upload
- Browser-based
- Free
- No signup
- Text
Header
Payload
Signature (not verified)
Runs in your browser. Your text never leaves your device.
Frequently asked questions
- Is my JWT sent anywhere?
- No. JWTs often contain sensitive claims — that's exactly why this tool runs entirely in your browser. Nothing leaves your device.
- Does it verify the signature?
- No. Verification needs the signing key (secret for HS256, public key for RS256). This tool decodes only — safer, and the common use case is debugging payload contents.
- Are the timestamps human-readable?
- Yes — `iat`, `exp`, and `nbf` are shown both as raw epoch and as a local date/time.
- Which algorithms are supported?
- All algorithms — decoding is format-only. Signature is shown as base64 but not verified.