Is my token sent anywhere?

No. The JWT is decoded entirely in your browser — important, since tokens are sensitive credentials.

Does it verify the signature?

No. Decoding only reads the header and payload; verifying the signature requires the secret or public key, which this tool never asks for.

What are exp / iat / nbf?

Standard JWT time claims (expiry, issued-at, not-before). They're shown as human-readable UTC times.

JWT Decoder

Inspect a JWT's header and payload.

100% in your browser — nothing uploaded

About this tool

Decode a JSON Web Token to read its header and payload, with human-readable timestamps. Decoded locally — your token is never uploaded and the signature is not verified.

Files are processed on your device — nothing is uploaded.
No account, no watermark, no daily limits.
Works offline once the page has loaded.

Frequently asked questions

Is my token sent anywhere?: No. The JWT is decoded entirely in your browser — important, since tokens are sensitive credentials.
Does it verify the signature?: No. Decoding only reads the header and payload; verifying the signature requires the secret or public key, which this tool never asks for.
What are exp / iat / nbf?: Standard JWT time claims (expiry, issued-at, not-before). They're shown as human-readable UTC times.

Related tools

Favicon Generator

Make favicons in every size from one image.

Dev

JSON Formatter

Format, validate and minify JSON.

Dev

Base64 Encode / Decode

Convert text to and from Base64.

Dev

URL Encode / Decode

Percent-encode or decode URL text.

Dev