πŸ› οΈ Developer Tools
Β· 1 min read

Free JWT Decoder

Paste a JWT to decode it. Your token never leaves your browser.

1000).toLocaleString()]); if(payload.nbf)claims.push([β€˜nbf (Not Before)β€˜,new Date(payload.nbf*1000).toLocaleString()]); if(claims.length){ html+=’
πŸ”‘ Standard Claims
’; claims.forEach(([k,v])=>{html+='';}); html+='
'+k+''+v+'
'; } // Signature html+=’
πŸ”’ Signature
Algorithm: β€˜+header.alg+β€˜
⚠️ Signature verification requires the secret key, which this tool does not have. This tool only decodes β€” it does not verify.
’; el.innerHTML=html; } function timeAgo(date){ const s=Math.abs(Math.floor((new Date()-date)/1000)); if(s<60)return s+β€˜s ago’;if(s<3600)return Math.floor(s/60)+β€˜m ago’; if(s<86400)return Math.floor(s/3600)+β€˜h ago’;return Math.floor(s/86400)+β€˜d ago’; } document.getElementById(β€˜jwt-input’).addEventListener(β€˜input’,decodeJWT); decodeJWT();

What is a JWT?

A JSON Web Token has three parts separated by dots:

header.payload.signature
  • Header β€” algorithm and token type
  • Payload β€” claims (user data, expiration, etc.)
  • Signature β€” verifies the token hasn’t been tampered with

Security Note

This tool runs entirely in your browser. Your JWT is never sent to any server. However, never paste production tokens with sensitive data into any online tool you don’t trust.

Related: AI Security Checklist

You might also like

Free CSP Header Builder

Build a Content-Security-Policy header visually. Pick sources for scripts, styles, images, and more β€” get a ready-to-use CSP header. Runs in your browser.

Free HTTP Header Analyzer

Inspect HTTP response headers from any URL. Check security headers, caching, CORS, and more. Runs in your browser.

Free SSL Certificate Decoder

Paste a PEM certificate and see issuer, subject, expiry, SANs, and more. Check if your cert is valid. Runs in your browser β€” nothing leaves your machine.

Hash Generator (MD5, SHA-1, SHA-256, SHA-512)

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from any text. Runs entirely in your browser using the Web Crypto API.