Developer ยท debug only

URL & JWT

Percent-encode URLs using encodeURIComponent, or inspect JWT header and payload โ€” all locally in your browser.

URL encode / decode

Uses encodeURIComponent / decodeURIComponent.

URL Encoding & JWT Inspection Explained

What is URL encoding?

URLs can only contain a limited set of ASCII characters. Special characters like spaces, ampersands, and Unicode must be percent-encoded โ€” replaced with a % sign followed by two hex digits. For example, a space becomes %20 and an ampersand becomes %26.

JavaScript's encodeURIComponent() encodes everything except unreserved characters (letters, digits, - _ . !). This tool uses that function for "whole text" mode, or applies it line-by-line for bulk log processing.

What is a JWT?

A JSON Web Token (JWT) is a compact, URL-safe token used to transfer signed claims between services. A JWT has three Base64URL-encoded segments separated by dots: Header (algorithm info), Payload (claims like user ID, expiry), and Signature (cryptographic proof).

This tool decodes the header and payload so you can inspect claims during development โ€” for example, checking the exp expiry time or reading custom fields. The signature is not verified. Never use this output as proof of token validity in production.

Frequently Asked Questions

encodeURI encodes a full URL and leaves structural characters like :/?#[]@!$&'()*+,;= unencoded. encodeURIComponent encodes everything except unreserved characters, making it safe for query parameter values. This tool uses encodeURIComponent.

All decoding happens locally in your browser โ€” tokens are never sent to any server. However, exercise caution with long-lived production tokens. For debugging purposes, it is safe to paste tokens from your development environment.

Signature verification requires the secret key or public key used to sign the token. A client-side tool cannot securely verify signatures without exposing your secret. Always verify JWTs server-side using your auth library (e.g., jsonwebtoken, jose).