Developer Utilities Tools
Free diagnostic tools and related guides for checking Developer Utilities issues in one place.
What should I check first for Developer Utilities issues?
For Developer Utilities issues, start with JSON Formatter / Validator to capture the current state, then use JWT Decoder to narrow the cause. If the result is unclear, read the related guide and open the next tool before changing settings.
Recommended Check Order
Open the tools in this order to narrow the issue before you change DNS, email, security, privacy, or network settings.
Check the current state: JSON Formatter / Validator
Format, validate, and minify JSON in your browser.
Narrow the cause: JWT Decoder
Decode JWT header/payload and verify expiration claims.
Cross-check the result: Regex Tester
Test regular expressions against sample text in real time.
Common Symptoms
Common problem patterns grouped by tool. If a symptom matches, start with that check.
Conversion or validation differs from another tool.
Character encoding, line endings, whitespace, escaping, or invisible leading/trailing characters can change results.
Split the input across JSON, URL, and Base64 tools, then use diff to find source differences first.
Conversion or validation differs from another tool.
Character encoding, line endings, whitespace, escaping, or invisible leading/trailing characters can change results.
Split the input across JSON, URL, and Base64 tools, then use diff to find source differences first.
Conversion or validation differs from another tool.
Character encoding, line endings, whitespace, escaping, or invisible leading/trailing characters can change results.
Split the input across JSON, URL, and Base64 tools, then use diff to find source differences first.
Conversion or validation differs from another tool.
Character encoding, line endings, whitespace, escaping, or invisible leading/trailing characters can change results.
Split the input across JSON, URL, and Base64 tools, then use diff to find source differences first.
Conversion or validation differs from another tool.
Character encoding, line endings, whitespace, escaping, or invisible leading/trailing characters can change results.
Split the input across JSON, URL, and Base64 tools, then use diff to find source differences first.
Conversion or validation differs from another tool.
Character encoding, line endings, whitespace, escaping, or invisible leading/trailing characters can change results.
Split the input across JSON, URL, and Base64 tools, then use diff to find source differences first.
Which tool should I open first?
Use this matrix to match the symptom to the right tool, the signal to check, and the next action.
JSON Formatter / Validator
Format, validate, and minify JSON in your browser.
Use the JSON Formatter / Validator result to narrow Developer Utilities issues.
After reviewing the result, cross-check it with a related tool or guide.
JWT Decoder
Decode JWT header/payload and verify expiration claims.
Use the JWT Decoder result to narrow Developer Utilities issues.
After reviewing the result, cross-check it with a related tool or guide.
Regex Tester
Test regular expressions against sample text in real time.
Use the Regex Tester result to narrow Developer Utilities issues.
After reviewing the result, cross-check it with a related tool or guide.
Text Diff
Compare two text blocks and highlight differences.
Use the Text Diff result to narrow Developer Utilities issues.
After reviewing the result, cross-check it with a related tool or guide.
Timestamp Converter
Convert Unix timestamps to readable date/time and back.
Use the Timestamp Converter result to narrow Developer Utilities issues.
After reviewing the result, cross-check it with a related tool or guide.
Hash Generator
Generate common hashes such as SHA-256, SHA-1, and MD5.
Use the Hash Generator result to narrow Developer Utilities issues.
After reviewing the result, cross-check it with a related tool or guide.
How To Choose The Right Tool
Structured Data and Visible Answer Alignment Checklist
Adding FAQ, HowTo, or Article JSON-LD is not enough if the visible answer, steps, dates, and canonical signals say something different. Google validates supported structured data through rich result tooling and expects markup to represent the content users can actually see. Hidden FAQ markup or date-only Article updates can become a quality risk instead of an AEO or revenue recovery signal.
Text Diff
Compare two text blocks and highlight differences.
Frequently Asked Questions
Developer Utilities: what should I check first?
For Developer Utilities issues, start with JSON Formatter / Validator to capture the current state, then use JWT Decoder to narrow the cause. If the result is unclear, read the related guide and open the next tool before changing settings.
Which tools should I run first?
Run JSON Formatter / Validator, JWT Decoder, Regex Tester in that order to separate current state, likely cause, and cross-check signals.
What should I read if the result is unclear?
If the result is unclear, open Structured Data and Visible Answer Alignment Checklist and review the same problem as a checklist.
Tools To Run
JSON Formatter / Validator
Format, validate, and minify JSON in your browser.
JWT Decoder
Decode JWT header/payload and verify expiration claims.
Regex Tester
Test regular expressions against sample text in real time.
Text Diff
Compare two text blocks and highlight differences.
Timestamp Converter
Convert Unix timestamps to readable date/time and back.
Hash Generator
Generate common hashes such as SHA-256, SHA-1, and MD5.
Base64 Encode/Decode
Encode and decode Base64 text quickly.
URL Encode/Decode
Encode and decode URL components for safe transport.
cURL Command Builder
Enter a URL, headers, method, and body to instantly generate a ready-to-run cURL command.
Password Breach Checker
Check if your password has appeared in known data breaches — without ever sending your password to any server.
Password Generator
Generate strong, random passwords with customizable length, character sets, and copy-to-clipboard support.
Guides To Read
Structured Data and Visible Answer Alignment Checklist
Adding FAQ, HowTo, or Article JSON-LD is not enough if the visible answer, steps, dates, and canonical signals say something different. Google validates supported structured data through rich result tooling and expects markup to represent the content users can actually see. Hidden FAQ markup or date-only Article updates can become a quality risk instead of an AEO or revenue recovery signal.
Brand Entity, Site Name, and Operator Trust Signal Checklist
If search results make the site feel like a loose set of tools instead of a recognizable source, clicks and AEO trust can suffer. Google uses home-page WebSite structured data, og:site_name, title, headings, and other signals to understand site names, while Organization and Logo structured data help identify the publisher entity. Helpful content guidance also asks publishers to make Who, How, and Why clear for readers.
AI Answer Visibility and Snippet Control Checklist
If you want visibility in AI Overviews, AI Mode, featured snippets, and ordinary search snippets, pages must be indexable and eligible to appear in Search with snippets. Google documents that controls such as nosnippet, data-nosnippet, max-snippet, and noindex can limit the information shown from pages in Search and AI features. Google-Extended is a separate robots.txt signal for Gemini model training and some grounding use, so it should not be confused with Search snippet eligibility.
Rich results not showing in Google Search: causes
Valid structured data does not guarantee a rich result. Page accessibility, content quality, structured-data policies, image crawlability, visible-content alignment, canonical selection, and manual actions all matter.
Structured data validation errors: troubleshooting order
Structured data errors often come from JSON syntax, unsupported @type values, missing required properties, bad date formats, inaccessible images, or canonical mismatches. Validate JSON-LD and the visible page together.
JSON parse errors and how to fix them
JSON parse errors can come from commas, quotes, escaping, control characters, BOM, wrong Content-Type, or JavaScript object syntax that only looks like JSON.
JWT expiration and clock troubleshooting
JWT validation failures often come from exp, nbf, iat, UTC versus local time, server clock skew, seconds versus milliseconds, or base64url decoding mistakes, not only from signature problems.
CORS preflight request failed: causes and fixes
CORS preflight failures usually mean the OPTIONS request was blocked, allowed methods or headers do not match the real request, or error responses such as 401, 403, and 429 omit CORS headers. Inspect the preflight response separately from the actual API call.
Access-Control-Allow-Origin missing: how to fix it
Browsers block cross-origin API responses when Access-Control-Allow-Origin is missing or does not match the request Origin. The same policy needs to apply on successful responses, errors, redirects, CDN cache hits, and preflight replies.
Mixed Content blocked: causes and fixes
Mixed content appears when an HTTPS page loads HTTP scripts, images, iframes, or API calls. Some passive resources may be upgraded automatically, but scripts and fetch requests are often blocked for security.
Content Security Policy refused to load: how to fix it
CSP refused-to-load errors happen when directives such as script-src, img-src, connect-src, or frame-src do not allow the resource origin. The goal is to add only the required source, not to weaken the whole policy.
HTTP 429 Too Many Requests: causes and fixes
HTTP 429 means a rate limit, API quota, bot protection rule, login attempt limit, or retry loop has been triggered. Read Retry-After and rate-limit headers, then identify whether the limit is keyed by IP, account, token, path, or user agent.
HTTP 401 Unauthorized: causes and fixes
HTTP 401 usually means authentication is missing or failed: an expired token, malformed Authorization header, missing cookie, cross-origin credential issue, or API gateway rule. Separate it from 403, which often means authenticated but not allowed.
SameSite cookie not sent: causes and fixes
A login or session cookie can disappear from a request when SameSite, cross-site navigation, iframes, redirects, fetch credentials, and CORS credentials do not line up. Confirm whether the browser sent the cookie before blaming the backend session.
Secure cookie not set or not sent: causes
Secure cookies are stored and sent only over HTTPS. HTTP callbacks, proxy HTTPS detection bugs, redirects, mixed content, HSTS, and certificate problems can make a login session appear to vanish.
Third-party cookies blocked: what breaks and how to fix it
When browsers block third-party cookies, iframe login, embedded widgets, payments, analytics, attribution, and SSO can fail. The durable fix is often a first-party flow, Storage Access, or server-side session exchange rather than forcing the old cookie model.
Cookies disabled and session lost: causes and fixes
If cookies are disabled or blocked by private mode, tracking protection, or security extensions, login, carts, language settings, and CSRF protection may reset. Separate storage failure from request-sending failure.
JavaScript disabled or blocked: why a site stops working
Buttons, login, forms, calculators, and API calls can stop when JavaScript is disabled or blocked by extensions, CSP, mixed content, wrong MIME type, or failed script responses. Separate disabled JavaScript from script load failure.
What To Do After a Password Breach
If a password appears in breach data, it should be retired immediately even if it looks strong. Replace it everywhere it was reused and prioritize email, payment, and admin accounts.
FAQ
Developer Utilities: what should I check first?
Which tools should I run first?
What should I read if the result is unclear?
Data Handling & Privacy
ipnawa is a diagnostics service. Inputs are used to produce results and are not intended for account-based profiling.
- Server-side tools (WHOIS, SSL, DNS, header checks) send your input domain/IP to our server for lookup.
- Browser-side tools (fingerprint, cookies, JavaScript) run primarily in your browser when supported.
- Standard web/server security logs may include IP address, timestamp, and User-Agent.
- Some checks call external providers such as ipinfo.io and bigdatacloud.net.
- Ads and non-essential cookies are loaded only after your consent choice.
External Processors
- ipinfo.io (IP/ASN/location lookups)
- bigdatacloud.net (reverse geocoding)
- Advertising partners (only after ad-consent acceptance)
You can review or change cookie/ad consent at any time.