🔒 Decoded entirely in your browser — nothing sent to a server
Paste a JWT
Paste a JWT above — header, payload, and expiry will be decoded instantly
💡 JWTs are not encrypted — anyone can decode the header and payload without a secret. Never put sensitive data (passwords, secrets) in a JWT payload. Only the signature proves the token wasn't tampered with, and only if you verify it.