JWT Security Checker — Audit JWT Issues
Paste a JWT to decode its header and payload and list security issues by severity. The tool only decodes what you paste; it does not verify signatures.
How to use
- Paste the JWT token in the input field.
- Review decoded header, payload, and security issue list.
- Fix high-severity issues before deploying to production.
Frequently asked questions
Does this verify the JWT signature?
No. It only decodes the pasted token and audits the header and payload claims for common security issues.
What issues are flagged?
Tokens with alg set to none, a missing exp claim, expired tokens, weak symmetric setup, and a missing subject claim.
Is it safe to paste production JWTs?
Processing is local in your browser, but avoid pasting live secrets in shared environments.
Is my JWT sent to a server?
No. Auditing happens entirely in your browser.
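The header and payload checks listed above can be reproduced locally. The following is an added example, not the tool's own code: the function names, issue ids and severity labels are assumptions, and "weak symmetric setup" is approximated by flagging HS* algorithms for review, since key strength cannot be read from a token.

```javascript
// Added example: audits decoded header and payload only; the signature is never verified.
// Issue ids and severity labels are assumptions, not the tool's own rule set.
function decodeSegment(segment) {
  // JWT segments are unpadded base64url; restore standard base64 before decoding.
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  const value = JSON.parse(new TextDecoder().decode(bytes));
  if (value === null || typeof value !== "object" || Array.isArray(value)) {
    throw new Error("segment is not a JSON object");
  }
  return value;
}

function auditJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).trim().split(".");
  let header, payload;
  try {
    if (parts.length !== 3) throw new Error("expected three dot-separated segments");
    header = decodeSegment(parts[0]);
    payload = decodeSegment(parts[1]);
  } catch (err) {
    return { header: null, payload: null, issues: [{ severity: "high", id: "malformed", detail: err.message }] };
  }
  const issues = [];
  const alg = typeof header.alg === "string" ? header.alg.toLowerCase() : "";
  if (alg === "" || alg === "none") {
    issues.push({ severity: "high", id: "alg-none", detail: "token is unsigned or declares no algorithm" });
  } else if (alg.startsWith("hs")) {
    // Assumption: key strength is not visible in the token, so HS* is only flagged for review.
    issues.push({ severity: "info", id: "symmetric-alg", detail: "check HMAC key strength on the issuer" });
  }
  if (typeof payload.exp !== "number") {
    issues.push({ severity: "medium", id: "missing-exp", detail: "no expiry declared" });
  } else if (payload.exp <= nowSeconds) {
    issues.push({ severity: "medium", id: "expired", detail: "exp is not in the future" });
  }
  if (typeof payload.sub !== "string" || payload.sub === "") {
    issues.push({ severity: "low", id: "missing-sub", detail: "no subject claim" });
  }
  return { header, payload, issues };
}

// Constructed sample token builder (test data only; the signature is a dummy string).
function makeSampleToken(header, payload, signature = "c2ln") {
  const enc = (obj) => btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc(header)}.${enc(payload)}.${signature}`;
}
```

A clean result here means only that none of these claim checks fired; the verifier that accepts the token must still pin the expected algorithm and validate the signature.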
Powered by maratool