Search tools and pages.
Build CSP policies, test CORS, debug JWT tokens, and inspect SSL/TLS chains with security-focused workflows
Decode JWTs, verify HMAC, RSA, and EC signatures (paste secret/PEM or fetch JWKS), inspect claims, and visualize the exp/nbf/iat timeline
Passive Access-Control-Allow-Origin matcher — paste a header value plus a list of origins to confirm wildcard, scheme, and subdomain rules
Build a Content Security Policy header from per-directive cards with chip-style sources, presets, and a live header + meta-tag preview
Send a real OPTIONS preflight and the actual request from a server proxy and inspect the per-rule CORS verdict for any origin
Probe a host:port and render the full TLS certificate chain with subject, issuer, SAN, key, signature, fingerprints, and days-until-expiry
