Encrypt Online
Privacy All tools run entirely in your browser.

JWE Header Decoder

Decode the protected header from a compact JWE before you debug keys or ciphertext

Safety note: This page only decodes the protected header from compact JWE input. It does not decrypt the payload, fetch keys, or claim that the token is valid.
Decode a compact JWE headerPaste a five-segment compact JWE, inspect the protected header JSON, and confirm whether the token shape is really JWE or just a signed JWT
Compact JWE has 5 segments. A 3-segment token is usually a signed JWT or JWS instead.
What This Decoder Reads

This page decodes the protected header from compact JWE so you can read fields such as alg, enc, kid, or zip without trying to decrypt anything.

Decode a Compact JWE Header
  1. Paste the compact JWE exactly as received.
  2. Click Decode protected header.
  3. Read the header JSON first to confirm the key-management and content-encryption algorithms before debugging anything else.
Why Token Shape Matters

Developers often paste a 3-segment signed JWT into a JWE flow by mistake. This page fails fast on that shape mismatch so you can stop debugging the wrong class of token.