If you’ve worked in web development or DevOps for any length of time, you’ve accumulated a collection of bookmarked online tools. JWT.io for decoding tokens. Various JSON formatters. Base64 decoders. YAML validators. URL parsers. The list goes on.
I found myself constantly jumping between these tools, often not even remembering which bookmark was which, and frequently pasting data into the wrong one before realising I needed a different tool entirely. The mental overhead of “what format is this, and which tool do I need” became increasingly irritating.
So I built DecodeThis – a single tool that auto-detects what you’ve pasted and immediately shows you the relevant parsing, formatting, and analysis options.
How It Works
Paste or drop any data and it figures out what it is. JWT tokens get decoded with header and payload inspection. JSON gets pretty-printed with a tree view. URLs get broken down into their components. DNS records get parsed with warnings for common misconfigurations.
Currently supported formats:
- JWT tokens (with signature verification if you add your keys)
- JSON and JSONC
- YAML
- TOML
- XML and SAML assertions
- Base64 encoded data
- URLs and query strings
- HTTP headers
- X.509 certificates
- SQL queries
- GraphQL queries
- CSV data
- Environment variables (.env files)
- DNS records (including SPF, DMARC, DKIM, BIMI, TLSA, and full zone files)
Practical Use Cases
Debugging authentication issues: Paste a JWT from your request headers to instantly see if the token is expired, check the issuer, or verify the signature against your public key. No need to manually split on dots and base64 decode each part.
DNS troubleshooting: Paste your SPF or DMARC record and get immediate feedback on syntax issues or potential problems. The tool warns about common mistakes like exceeding lookup limits or missing alignment settings.
API development: Copy response headers from your browser’s network tab directly – they get parsed into a clean table showing content types, cache settings, and security headers at a glance.
Configuration review: Paste Kubernetes YAML, docker-compose files, or any config format. Get syntax validation and a navigable tree view without switching between different validators.
Certificate inspection: Paste a PEM-encoded certificate to see expiry dates, subject details, SANs, and the full certificate chain without firing up OpenSSL.
Privacy: Browser-Only Processing
One of the main reasons I built this rather than just using existing tools is the privacy issue. When you’re debugging production issues, you’re often dealing with real tokens, real API responses, and real configuration that may contain secrets or sensitive data.
Plenty of online tools send your data to a server for processing. Some are upfront about it, others less so. When you’re pasting a JWT that contains user information, or decoding a base64 blob that might be credentials, that’s a problem.
DecodeThis does all processing locally in your browser. Nothing is ever sent to any server. The entire application is static files – there’s no backend to send data to even if it wanted to. This means you can safely paste production tokens, certificates with private keys (for local verification), or any other sensitive data without worrying about where it ends up.
Try It
The tool is free to use at decodethis.dev. Just paste something and see what happens. If you find a format that should be supported or have feedback, there’s a contact button in the corner.