Decode a JWT's header and payload in your browser.
Decoded locally — the signature is shown but not verified.