// Tool
JWT Decoder
Paste a JSON Web Token to inspect its header, payload, and signature. Decoding happens entirely in your browser — your token never leaves this page.
Frequently Asked Questions
Does this tool send my JWT anywhere?
No. Decoding happens entirely in your browser — the token is never transmitted — so it is safe to inspect tokens without exposing them.
Can this verify a JWT’s signature?
It decodes and displays the signature but does not cryptographically verify it, since that requires the issuer’s secret or public key. Verification must happen server-side.
Is the payload of a JWT encrypted?
No. A standard signed JWT (JWS) is only Base64URL-encoded, not encrypted — anyone can read the payload. Never put secrets in a JWT unless it is an encrypted (JWE) token.
