UtilHero

JWT Decoder

Decode a JSON Web Token's header and payload — in your browser.

Header
{
  "alg": "HS256",
  "typ": "JWT"
}
Payload
{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}
  • iat — issued at 1/18/2018, 1:30:22 AM

Decoded in your browser. The signature is not verified— decoding only reveals the contents, it doesn't prove the token is authentic.

About JWT Decoder

A JWT decoder reveals the header and payload of a JSON Web Token without needing the signing secret. Paste a token and it splits and Base64URL-decodes the segments to show the algorithm, claims, and any expiry. Decoding happens entirely in your browser, so your token stays private.

Frequently asked questions

Does decoding verify the signature?
No. Decoding only reads the header and payload — it does not verify the signature. Never trust a token's claims without verifying it server-side.
Is a JWT encrypted?
Usually not. A standard JWT's header and payload are only Base64URL-encoded and readable by anyone. Don't put secrets in a JWT payload.
Is my token uploaded?
No. The token is decoded locally in your browser and never sent anywhere.

More tools