Paste a JWT below to decode its header and payload. Provide a secret key to verify the signature (supports HS256). All processing is done in the browser.
No cookies, no tracking, no analytics. Is that ok?