I use this.
Header + Payload are stored in LocalStorage and sent in a header with fetch.
Signature is in a cookie with HttpOnly.
The server stitches the header with the cookie and then validates the JWT. This works well in IE 11 which does not support SameSite cookies.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.