When you log into a website, the server often gives your browser a JWT — a token that proves who you are. Paste one here to see exactly what's inside: your user ID, email, permissions, and when it expires. Security researchers use this to find sensitive data developers accidentally encoded into tokens, or to spot weak signing algorithms that make tokens forgeable. Runs entirely in your browser — your token is never sent anywhere.