Payload Analyzer
Paste a JWT, hash, Base64, hex string, URL-encoded data, or HTTP response headers. Format is detected automatically. All analysis is local — nothing leaves your browser.
Supported formats
JWT Decodes header & payload, checks algorithm, expiry, and security issues
Hash Identifies MD5, SHA-1/224/256/384/512, NTLM, bcrypt, argon2 by structure
Base64 Standard and URL-safe Base64 — decodes to text or hex if binary
Hex Decodes hex-encoded data, shows ASCII output and printability
URL-encoded Decodes %XX percent-encoding, supports nested encoding detection
HTTP Headers Analyzes security headers: CSP, HSTS, X-Frame-Options, and more
IPv4 Classifies address: private, loopback, public, multicast, APIPA