Component	Estimated JSON Characters/Bytes	Notes
JWT Header (JSON String)	~40 characters	Example: {"alg":"HS256","typ":"JWT"}
Fixed Payload Claims (JSON String)	~200 characters	iss, exp, iat, userid, email, plus the permissions array structure {"permissions":[]}
Average Permission String Length	10 characters	E.g., USER_CREATE
Overhead per Permission in Array	~3 characters	For quotes ("") and comma (,) in JSON, i.e., "PERMISSION",
Effective Length per Permission in JSON Payload	13 characters	(10 characters for string + 3 characters for overhead)
Base64Url Encoding Overhead	~33%	Converts 3 bytes of raw data into 4 Base64 characters
JWT Signature (Encoded)	~43 bytes	Fixed size for HS256 algorithm