Header contains metadata — the algorithm (alg) used to sign the token and the token type (typ).
Payload contains the claims — user data like sub (subject), iat (issued at), exp (expiration), and any custom fields.
Signature is generated by signing base64url(header).base64url(payload) with a secret key. This verifies the token hasn't been tampered with.
This tool decodes the header and payload client-side. Signature verification requires the secret key — never share it!