Data inspect

Decode JWT header/payload (no signature verification) and hex-dump text. Client-side only—do not paste production secrets.

Payload is only Base64Url-decoded. Signature is not verified. Treat tokens as sensitive.

UTF-8 bytes, 16 bytes per line with ASCII column.