JWT Debugger

Decode and validate JSON Web Tokens. Flags security issues including none algorithm, missing expiry, and expired tokens.

Decoded entirely in your browser. Your token never leaves this page — no network requests are made.
Paste a JWT above to decode

See also: How to decode a JWT

You might also need
🔑OAuthFixer
Diagnose OAuth errors — invalid_grant, redirect_uri mismatch
🔒HeadersFixer
Scan security headers and get stack-specific fixes
CORSFixer
Test live CORS preflight and get the middleware fix
Done with this tool?
20 HTTP checks before you ship — security, CORS, cache, redirects, staging.
Pre-Launch Checklist →
📖 HttpFixer Blog — fix guides, explainers, and references →
HttpFixer by MetricLogic · OAuthFixer · All Tools MIT · GitHub → · About · Privacy

For informational purposes only. Always test in staging before production. MetricLogic accepts no responsibility for issues arising from use of these tools. © 2026 MetricLogic.