Free Online JWT Inspector - Decode & Analyze JSON Web Tokens
Inspect JWT tokens in depth: decode header, payload, and signature; verify expiry; view all standard and custom claims; color-coded by algorithm type. Free, browser-based.
Paste a JWT above to inspect its contents
What is a JWT Inspector?
A JWT Inspector is a developer tool that decodes and analyzes JSON Web Tokens (JWTs). Unlike a basic decoder, a JWT inspector shows you the full token structure—header, payload, and signature—with rich formatting, algorithm details, human-readable timestamps for iat/exp/nbf claims, expiry status indicators, and a reference for all standard RFC 7519 claims. All processing is 100% client-side; your token never leaves your browser.
How to Use the JWT Inspector
- Paste your JWT token (the eyJ… string) into the input field — decoding happens instantly.
- Review the Header section to see the signing algorithm (HS256, RS256, etc.) and token type.
- Inspect the Payload section for all claims, including human-readable timestamps for iat, exp, and nbf.
- Check the expiry badge to see whether the token is still valid, expired, or not yet active.
JWT Inspector Features
- Instant decoding — no button press needed, updates as you type
- Human-readable iat / exp / nbf timestamps with relative time display
- Live expiry status badge — Valid, Expired, or Not Yet Valid
- Color-coded sections for Header (red), Payload (purple), and Signature (blue)
- Standard claims reference table for quick RFC 7519 lookup
JWT Inspector FAQ
Is my JWT token safe to paste here?
Yes. All decoding happens entirely in your browser using JavaScript. Your token is never sent to any server. However, avoid pasting production tokens containing sensitive payloads in public or shared environments.
Can this tool verify the JWT signature?
No. Signature verification requires the secret key (for HMAC algorithms) or the public key (for RSA/ECDSA algorithms), which are never sent to a client. This tool decodes and inspects the token structure only.
What is the difference between jwt-inspector and jwt-decoder?
jwt-decoder (also on this site) decodes the basic claims. jwt-inspector adds deeper analysis: expiry status with relative time, per-claim type coloring, a standard claims reference, and a raw/parsed toggle.