Paste a JWT to inspect its header and payload.
This only decodes the token to inspect its contents — it does not verify the signature.