Verify, do not trust
How to verify PayloadBench does not upload your JSON
PayloadBench is built around a simple privacy test: open DevTools, watch the Network tab, paste JSON, and check whether any request contains your pasted content. This page documents the test and the boundaries.
Network tab test
- Open PayloadBench and wait for the page to finish loading.
- Open DevTools with F12 or your browser menu.
- Switch to the Network tab and clear the existing log.
- Paste test JSON and run the tool.
- Inspect requests created after the action.
- Confirm that no request URL or body contains your pasted JSON.
Offline test
- Load the PayloadBench page first.
- In DevTools Network, choose Offline.
- Paste JSON and run a local operation.
- If the operation still works, that is evidence the processing happened in the browser rather than through a server round trip.
Core tools covered by this boundary
JSON Formatter
Formats and validates pasted JSON in the browser.
JSON Viewer
Parses JSON and renders a local tree view.
JSON Beautifier
Beautifies minified JSON locally.
JSON Parser
Inspects fields and types without sending JSON to a server.
JSON Diff
Compares two pasted JSON objects in the browser.
JWT Decoder
Decodes header and payload locally. It does not verify signatures.
JSONPath Query
Evaluates JSONPath expressions client-side.
JSON Schema Validator
Runs schema validation in the browser with Ajv.
Network boundaries
PayloadBench loads application assets. Launch Access activation is stored locally and does not call a payment or license endpoint. Pasted JSON, JWTs, schemas, JSONPath expressions, and formatted output should not be included in those requests.
Data you still should not paste
- Production access tokens or refresh tokens
- Private keys, database URLs, or cloud credentials
- Customer PII, medical records, banking data, or regulated data
- Incident payloads that your company policy forbids in browser tools
If you find an unexpected request
Capture the request URL, method, and the PayloadBench page where it happened. Do not share real secrets or production payloads. Open a GitHub issue so the behavior can be inspected and fixed.
Learn how to check whether any online JSON formatter uploads pasted content
FAQ
- Does PayloadBench upload my pasted JSON?
- PayloadBench core tools are designed to process pasted JSON, JWTs, JSONPath queries, and schemas in your browser. You can verify this with DevTools Network by checking that no request contains your pasted content while the tool runs.
- Does PayloadBench make any network requests?
- Yes. The website loads application assets, but Launch Access activation is stored locally and does not call a payment or license endpoint. The privacy boundary is that core tool operations must not send pasted JSON, JWTs, schemas, query expressions, or formatted output.
- Can I use PayloadBench for any secret or regulated data?
- No tool should be treated as a universal approval to paste secrets. PayloadBench is built to reduce upload risk for local browser workflows, but you should still follow your company's data handling policy.
Need Diff, JWT, JSONPath, or Schema? Try each Pro tool 5 times free