Skip to content
LEARNREACTSAAS
Chapter 10Lesson 3

DevTools: the four panels that earn their keep

A working tour of the browser's Chromium DevTools, the panels you use to inspect the DOM, network requests, console state, and storage on every web app you build.

The last two lessons mapped the pipeline. Lesson 1 named the four network stages from URL commit to first byte, and lesson 2 named the six browser stages from first byte to pixels. Both lessons used the Network panel in passing, mostly the protocol column and the timing breakdown. DevTools is much bigger than that one tab, though, and you’ll be working inside the rest of it for the entire course.

DevTools is how you read the result of every change you make as a web developer. You change a class, reload, and look. You click a button and see what request went out. You suspect a stale cookie and read the cookie jar. This lesson is a tour of the four panels that earn a place on a SaaS engineer’s daily path, each answering one question you’ll ask constantly.

  • Elements: what’s actually rendered right now?
  • Network: what did the server send back?
  • Console: what does the page think it knows?
  • Application: what’s in storage right now?

Two more panels, Performance and Lighthouse, get a lot of attention, but we’ll defer them. You can’t tune performance on an empty teaching page, so that work lands later in the course when there’s a real app to measure. The same goes for a handful of other panels. We’ll name them once near the end so you know where they live, then move on.

The goal of this lesson isn’t mastery of any one panel. It’s the habit of reaching for the right one without thinking: you skim a bug report and know which panel to open, and you know a few moves in each panel that most newcomers never discover. This lesson gives you the layout; the depth in any one panel comes from using it on real work.

Open any well-styled site in a new browser tab now, with DevTools docked to the side or bottom; react.dev works well. We’ll switch between panels as the lesson goes.

Setting up: Chromium and React DevTools

Section titled “Setting up: Chromium and React DevTools”

The course teaches against Chromium DevTools. Any Chromium browser, including Chrome, Edge, Arc, and Brave, ships the same DevTools, and the React DevTools extension installs cleanly in all of them. Firefox DevTools is a good cross-browser sanity check: the layout differs but the concepts transfer. Safari DevTools is what you’ll reach for in the iOS-specific work the deployment unit covers later in the course. For everything else, Chromium is the default.

You’ll need one extension installed before the React unit ships its first component: React DevTools. Installing it now means it’s ready for the rest of the course. The extension adds two tabs to DevTools, Components and Profiler, that read the React tree directly rather than the DOM. We won’t use them in this lesson, but we’ll need them later.

  1. Open the Chrome Web Store listing for React Developer Tools and click Add to Chrome. The same listing works for any Chromium-based browser.

  2. Open a page that uses React, such as react.dev, with DevTools open. Two new tabs labelled Components and Profiler appear in the DevTools tab strip. That confirms the install.

  3. If you’re on Firefox, install the same extension from Firefox Add-ons. Same UI, same two tabs.

The mechanics of those two tabs land later in the course: the render-tree drill arrives with the React unit, and the Profiler returns in the performance unit. Install it once and ignore it for now.

Elements: what’s actually rendered?

Section titled “Elements: what’s actually rendered?”

The Elements panel shows the live DOM : the in-memory tree as it stands at this exact moment, after every change JavaScript has made to it. That distinction matters. The source HTML the server originally sent is a different thing, which you read with View Source (Ctrl/Cmd+U), and on a React app the two routinely disagree. That disagreement is how React is supposed to work, not a bug.

The right pane of the Elements panel shows the cascade for whatever element you’ve selected: every CSS rule that targeted it, listed in cascade order, with overridden rules struck through. This is how an experienced engineer reads the cascade in practice. How the cascade itself works, including specificity, layers, and why one rule wins, gets its own chapter later in the course when Tailwind lands. Here you’re only learning to read it.

Elements
Console
Sources
Network
Application
Performance
<!DOCTYPE html>
<html lang = "en" >
<head> </head>
<body>
<header class = "site-nav" >…</ header>
<main>
<section class = "hero" >
<h1> Build for the web </h1>
<button class = "cta" > Get started </button>
</section>
</main>
</body>
</html>
Styles
Computed
Layout
Event Listeners
Filter :hov .cls +
element.style { }
.cta {
background-color : oklch(0.62 0.18 250);
color : #fff;
padding : 12px 20px;
}
button {
background-color : #e5e7eb;
border-radius : 6px;
}
1 DOM tree — the live in-memory tree, after every JS mutation.
2 Styles pane — rules in cascade order; overridden ones struck through.
3 Computed tab — the resolved final value per property.
4 :hov button — force pseudo-states without using the mouse.
Elements panel — live DOM on the left, the cascade on the right. Struck-through rules lost the cascade; the Computed tab resolves every rule down to one final value per property. The `:hov` button lets you force pseudo-states without using the mouse.

Five moves carry the panel’s daily value:

  • Inspect to find. Cmd+Shift+C on macOS, Ctrl+Shift+C elsewhere, toggles the inspector cursor. Click any pixel on the page and the corresponding DOM node lights up in the tree. This is what you do when a user says “this thing isn’t styled right”: you start at the pixel, not at the source file.

  • Read the cascade in the Styles pane. Rules are listed top-down by which one won, with overridden rules struck through. The struck-through line tells you why your rule didn’t apply, usually because of specificity or order. When the Tailwind chapter teaches layer ordering later in the course, this panel is where you’ll read it.

  • Edit styles live, with no reload. Click any rule’s value to edit it in place, and the page updates as you type. A reliable rule of thumb: if it works in DevTools, it’ll work in the code. Make the change here first, confirm it does what you want, then go write it. This saves a surprising amount of time over a career.

  • Toggle pseudo-states explicitly. Click :hov in the Styles pane to force :hover, :focus-visible, :active, or :focus-within on the selected element. The obvious instinct is to hover the element directly to see its hover style, but moving the mouse over to the panel drops the hover state. Forcing the toggle is how you hold the state still.

  • Computed tab for the final value. When the cascade gets dense and you stop caring why a value won, the Computed tab shows the single resolved value the browser ended up using, plus which selector won it. Use this when the question is “what is the color, regardless of where it came from.”

Try it now. Open the page in front of you, inspect any button, and click :hov in the Styles pane to toggle :hover. The styles change without your mouse touching the button. Then edit the background-color value in the Styles pane directly: set it to red, or anything else. The button updates with no reload. That is the edit-and-check loop tightened from minutes to milliseconds.

Network: what did the server send back?

Section titled “Network: what did the server send back?”

The Network panel logs every request the page makes, including Document, Fetch/XHR, JS, CSS, Images, Fonts, and WebSockets, and shows each as a row with timing, headers, payload, and response. Lesson 1 of this chapter used the Protocol column and the Timing breakdown, which were just a slice of this one panel. The rest of it, including the toolbar checkboxes, the throttle, and the request-detail tabs, is where you’ll spend real time when you debug a SaaS app.

Elements
Console
Sources
Network
Application
Performance
Throttling: Slow 4G
All Fetch/XHR Doc CSS JS Font Img Media WS Wasm Other
Name
Status
Method
Type
Size
Time
Waterfall
/
200
GET
document
14.2 kB
84 ms
app.css
200
GET
stylesheet
9.1 kB
42 ms
client.js
200
GET
script
78.4 kB
121 ms
/api/me
401
GET
fetch
63 ms
hero.webp
200
GET
image
26.8 kB
55 ms
inter.woff2
200
GET
font
32.0 kB
47 ms
Headers
Payload
Preview
Response
Initiator
Timing
Cookies
▾ General
Request URL: https://app.example.com/api/me
Request Method: GET
Status Code: 401 Unauthorized
▾ Response Headers
content-type: application/json
cache-control: no-store
www-authenticate: Bearer
1 Preserve log + Disable cache — keep the log across navigations, force every reload to hit the network.
2 Throttling — simulate "Fast 4G", "Slow 4G", "3G", or "Offline" to test loading states.
3 Request-type filters — drop the noise; Fetch/XHR for API calls, Doc for navigations.
4 Request-detail tabs — Headers, Payload, Preview, Response, Initiator, Timing, Cookies.
Network panel — every request, every header, every payload. The toolbar checkboxes and the right-pane tabs carry the daily workflow.

Seven moves separate the typical workflow from the experienced one:

  • Open the panel before the action that triggers the request. Network only captures while it’s open. If you open it afterwards, the request you wanted to see is already gone. Open it first, then click. It’s easy to forget the first dozen times.

  • Turn on Preserve log. By default a redirect or a full-page navigation wipes the request log. With Preserve log on, every request stays visible across navigations and reloads. Turn it on as a permanent default in your DevTools settings; you’ll never want it off.

  • Tick Disable cache while DevTools is open. Otherwise the cached request returns in 1ms, and you’ll conclude your change worked when nothing actually went over the wire. The next user, on a cold cache, will still see the old behavior. Keep the cache off whenever the panel is open.

  • Throttle to “Slow 4G” or “3G” when testing loading states. The 2026 presets are “Fast 4G”, “Slow 4G”, “3G”, and “Offline”; Chrome 130+ renamed the old “Fast 3G” and “Slow 3G” presets to match modern device baselines. When something looks fine on localhost, flip to Slow 4G, reload, and watch the skeleton states actually appear. A per-request override (right-click a row → Override request → Throttle) shipped in late 2025, useful for testing one slow API call against an otherwise fast page.

  • Filter by type to drop the noise. Doc shows just the page navigation requests, and Fetch/XHR shows your application’s API calls. Most SaaS debugging happens in Fetch/XHR, and the chip cuts the waterfall from hundreds of rows to the dozen that matter.

  • Read the right pane in this order. Start with Headers (auth, content type, status), then Payload (what your client sent), then Response (what the server sent back, with the Preview tab pretty-printing JSON for you), then Timing (where the time went, which maps onto the four stages from lesson 1 of this chapter). Any other order tends to waste clicks.

  • Right-click → Copy → Copy as fetch / Copy as cURL. This turns a captured browser request into a reproduction you can debug. Paste the fetch into the Console and re-run it, or paste the cURL into a terminal and re-run it. Either way you have a JavaScript or shell version of the exact request the browser sent, ready to edit. The full fetch API gets its own chapter later in this unit; this is your first look at the shape it produces.

Open Network on the page in front of you. Tick Preserve log and Disable cache, then reload. Find the document request row at the top, right-click it, and choose Copy → Copy as fetch. Paste it into the Console (you’ll learn the Console properly in the next section). What you just pasted is the same request the browser made, expressed as JavaScript you can edit and re-run.

Console: what does the page think it knows?

Section titled “Console: what does the page think it knows?”

The Console is a REPL inside the running page. Anything in the global scope is reachable, anything any script logs with console.log lands here, and anything you type runs in the page’s own JavaScript context. It’s also the most under-used tool in DevTools, because most newcomers call console.log() and stop there. The Console has a whole vocabulary beyond that, and learning it gives you more for your effort than anything else on this tour.

Elements
Console
Sources
Network
Application
Performance
Filter
Default levels: All levels
Live expression
[auth] token expires in 42 seconds — refreshing auth.ts:118
TypeError: Cannot read properties of null (reading 'email') profile.tsx:24
console.table(users) VM:1
(index) id name email role
0 1 "Ada Lovelace" "ada@hooli.dev" "owner"
1 2 "Grace Hopper" "grace@hooli.dev" "admin"
2 3 "Linus Pauling" "linus@hooli.dev" "member"
 
$0.getBoundingClientRect() « DOMRect { x: 24, y: 80, width: 132, height: 40, ... }
1 Log-level filter — drop everything but errors when a noisy page is talking to you.
2 Prompt input — REPL inside the page; live-evaluation preview as you type.
3 console.table() output — array of objects rendered as a real columned table.
Console — REPL inside the page, with log-level filtering. `console.table` and `$0` are two of the moves that separate the typical workflow from the experienced one.

Seven moves to internalize:

  • Log levels and filtering. console.log is the default, while console.info, console.warn, and console.error print at their named levels. The dropdown at the top of the panel lets you hide everything but errors when a page floods the output. For debugging output you want to keep, use console.warn and console.error so the important lines stay filterable amid the noise.

  • console.table(arrayOfObjects). Renders a real table with one column per object key. Use this instead of console.log for any array of objects. It saves you from expanding [Object, Object, Object, ...] rows one at a time, which adds up over a career.

  • console.dir(domNode). Prints the full JavaScript property tree of a DOM node, including its properties, methods, and internals, rather than the rendered HTML you get from console.log(node). Reach for it when the question is “what JavaScript properties does this node carry?” rather than “what does it look like in the tree?”

  • console.trace(). Prints the stack trace at the call site. Use it when the question is “who called this?” and you don’t want to set a breakpoint to find out.

  • $0, $1, $2, $3, $4. References to the last five elements you selected in the Elements panel. Click a node in Elements, switch to Console, and type $0.getBoundingClientRect(). This bridge between the Elements and Console panels is one of the most useful, and one of the most often missed.

  • copy(value). Copies any value to your clipboard. copy($0.outerHTML) grabs the live rendered markup of the inspected element. copy(JSON.stringify(state, null, 2)) copies any complex value as pretty JSON, ready to paste into a bug report or test fixture.

  • Live evaluation as you type. Start typing document.queryS… and DevTools shows the result of the current expression in a faded preview before you hit Enter. This is handy for refining a selector against the live DOM before pasting it into your code.

Those last few names, $0 through $4, copy, plus $_ for the last evaluated expression, are console utilities . DevTools injects them into the Console’s global scope, so they don’t exist in your application code. Try to use copy() in a script file and you’ll get a ReferenceError. That’s worth remembering when something works in the Console but not in a .js file: the utilities don’t travel.

The vocabulary, in five lines:

console.table(users);        // an array of objects rendered as a real table
console.dir($0);             // full JS property tree of the inspected element
console.trace();             // stack at this line
copy($0.outerHTML);          // live rendered markup → clipboard
copy(JSON.stringify(state)); // snapshot any value as pretty JSON

Try the bridge right now. Switch to Elements and inspect any element on the page. Switch to Console and type $0; the element prints. Type console.dir($0) to see its full JavaScript surface unfold. Type copy($0.outerHTML) and paste anywhere; the live rendered markup is on your clipboard.

Application: what’s in storage right now?

Section titled “Application: what’s in storage right now?”

The Application panel is the storage and identity inspector. Every place the page persists data is here, including Cookies, Local Storage, Session Storage, IndexedDB, Cache Storage, and Service Workers. Every entry can be inspected, edited, or deleted from the panel.

For day-to-day SaaS work, the two that matter are Cookies, where session cookies live once the auth chapters land, and Local/Session Storage, where client-state tooling and URL-state lists keep their working values. The rest you’ll see once or twice over the course of a project, so they’re named here just to tell you where to find them.

Elements
Console
Sources
Network
Application
Performance
Application
Manifest
Service Workers
Storage
Storage
Local Storage
Session Storage
IndexedDB
Cookies
https://app.example.com
Cache Storage
Background services
Background Fetch
Push Messaging
Cookies for https://app.example.com
Clear site data
Name
Value
Domain
Path
Expires
Size
HttpOnly
Secure
SameSite
session
eyJhbGciOiJIUzI1NiIsInR5...
app.example.com
/
2026-06-04T09:12:43Z
312
Lax
csrf
a91b3fde4c2e1f...
app.example.com
/
Session
64
Strict
theme
dark
.example.com
/
2027-01-01T00:00:00Z
9
Lax
_analytics
GA1.2.778431...
.example.com
/
2026-11-28T00:00:00Z
34
None
4 cookies — double-click any cell to edit, ⌫ to delete the row
1 Sidebar sections — Manifest, Service Workers, Storage (with its sub-items), Background Services.
2 Clear site data — one button wipes every persistence surface for the current origin.
3 Cookies row — selected origin under Storage drives the right pane.
4 Attribute columnsHttpOnly, Secure, SameSite, Expires, Domain, Path.
Application panel — every storage surface and identity slot the page touches, all editable from here. The Cookies row's attribute columns are where most auth bugs live.

Four regions to know:

  1. The sidebar with Manifest, Service Workers, Storage (and its sub-items Local Storage / Session Storage / IndexedDB / Cookies / Cache Storage), and Background Services.
  2. The Clear site data button under Storage at the top of the section.
  3. The Cookies row in Storage; when selected, the right pane lists every cookie with its full attribute set.
  4. The right pane’s cookie attribute columns: HttpOnly, Secure, SameSite, Expires, Domain, Path.

Five moves to know:

  • Cookies, the auth surface. Expand Cookies under Storage and click the origin you care about. The right pane lists every cookie with its full attribute set: name, value, domain, path, expires/max-age, HttpOnly, Secure, SameSite. Edit a value in place, double-click any attribute to flip it, or delete a row with the Delete key. When the auth chapters arrive later in the course, this is where you’ll read the session cookie, and when auth doesn’t work, the cookie’s SameSite and Secure flags are worth checking before the server logs. What those attributes mean, when they apply, and why they block a request gets its own chapter later in this unit.

  • Local Storage and Session Storage. Same edit-and-clear surface, keyed by origin. Local Storage persists across tabs and reloads, while Session Storage is per-tab and clears when the tab closes. When the URL-state list project arrives later in the course, the values you’re stashing show up here.

  • IndexedDB. A persistent client-side database, shown here. When offline state matters on a project, this is the panel for it. It isn’t on the daily path for the 2026 SaaS stack, since the platform’s data fetching covers most of what you’d otherwise reach for it.

  • Service Workers and Cache Storage. Service workers register under their own sidebar entry, and whatever they’ve cached shows in Cache Storage. They’re named here so you can find them. The course doesn’t ship a service worker on this stack, because Server Components and the platform’s data fetching cover the use cases.

  • Clear site data , the reset button. One button at the top of the Storage section wipes cookies, every kind of storage, cache, and service workers for the current origin. It’s the fix for “it works in incognito but not here”: your local state has drifted from the server’s expectations, and clearing it is faster than diffing it. Reach for it freely.

Try the cookie inspector right now. Open Application → Storage → Cookies on the page in front of you, then click your origin and read the attribute columns on any cookie. Look at SameSite, Secure, and HttpOnly. The wrong combination of those is why an authenticated request can quietly drop its cookie on a cross-site fetch. The chapter later in this unit covers the production defaults for those attributes; the Application panel is where you’ll diagnose them when something goes wrong.

Sources: where is this client code actually stopping?

Section titled “Sources: where is this client code actually stopping?”

The Console reads the page’s state at whatever moment you ask. The Sources panel lets you freeze the page mid-execution and read everything at once. Open Sources, find a client-side script in the file tree on the left, and click the line number in the gutter; a blue marker appears. That marker is a breakpoint: the browser will pause execution the instant it reaches that line, before it runs it, and hand you the frozen page.

You don’t always need the gutter, though. A bare debugger; statement does the same thing from inside the code itself, pausing execution at that line whenever DevTools is open and doing nothing at all when it isn’t. It’s the fastest way to stop on a line you’re already editing, with one rule: delete it before you commit, the same way you’d delete a stray console.log.

function applyDiscount(cart, code) {
  debugger; // execution pauses here when DevTools is open
  const rate = lookupRate(code);
  return cart.total * (1 - rate);
}

Once you’re paused, three buttons drive the frozen frame. Step over runs the next line and stops again, treating any function call on it as a single step. Step into follows a function call down into its body so you can watch what happens inside. Resume lets the page run on until the next breakpoint or until it finishes.

The payoff sits in the right-hand pane while you’re paused. The Scope pane lists every variable in reach at the current frame, locals and closures and globals, with their live values; that’s the whole point over a single console.log, which only shows the one thing you remembered to print. The Watch pane lets you pin an expression, say cart.total, and read its value at every pause without retyping it.

Try it on the page in front of you: open Sources, set a breakpoint on any line of a script that runs on a click, then click and watch the page freeze with the Scope pane filled in. This is the browser-side beat only. Stepping through server-side code, where most of this stack’s logic actually runs, is a different workflow that the error-monitoring and observability chapter near the end of the course owns; the Console stays your default for everyday client-side checks.

The panels we’re deliberately skipping

Section titled “The panels we’re deliberately skipping”

Map a scenario to a panel

Section titled “Map a scenario to a panel”

Here is one last drill. Read each scenario and decide which panel you’d open first. Each scenario maps to one panel, and some panels show up more than once.

For each production-shaped scenario, click the panel you would open first. Click an item on the left, then its match on the right. Press Check when done.

The API call returns 401, but the rest of the page renders fine
Network — check the response and the request headers for the missing or wrong auth
A class is in the DOM but the style isn’t applying
Elements — read the cascade in the Styles pane; the rule is struck through
A session cookie is set but the next request doesn’t send it
Application — inspect the cookie’s SameSite and Secure attributes
A redirect fires before you can read its response body
Network — turn on Preserve log, repeat the action
A user reports localStorage data they shouldn’t have
Application — inspect Local Storage; clearing it fixes the symptom
You want to copy the live rendered HTML of one node
Consolecopy($0.outerHTML) after inspecting in Elements
You want to know who called a function without setting a breakpoint
Consoleconsole.trace() at the call site
The user sees a stale response after you shipped a fix
Network — check cache headers and verify Disable cache is on while you test

What stays out of this lesson

Section titled “What stays out of this lesson”

This is a survey, not a manual, and each panel has deeper material covered elsewhere.

  • Cookie attribute semantics, namely HttpOnly, Secure, and SameSite, are taught in their own chapter later in this unit. The Application panel surfaces them; the chapter explains them.
  • The CSS cascade itself, specificity, the box model, and Tailwind layer ordering arrive in the styling unit later in the course. Elements is where you’ll read them.
  • The fetch API, request and response shapes, and error handling are covered later in this unit. The Network panel reads them.
  • React component tree inspection, prop edits via DevTools, and Profiler flame charts are covered in the React unit and again in the performance unit. React DevTools is installed now; the depth waits.
  • Core Web Vitals, Performance flame charts, Lighthouse audits, and bundle analyzers are covered in the performance unit. The panels exist now; the workflow lives there.

You now have the layout in your head, and the depth comes from doing the work. The next lesson pushes that along with a local HTTPS setup that unblocks the secure-context APIs the rest of this unit depends on.

External resources

Section titled “External resources”
Chrome DevTools — official documentation
developer.chrome.com

The canonical reference for every DevTools panel. Skim the panel docs as you start using each one in earnest.
What's new in DevTools
developer.chrome.com

Monthly changelog of new DevTools features. Worth bookmarking once you're past the basics, since the panels gain new tools every release.
Firefox DevTools — user docs
firefox-source-docs.mozilla.org

The cross-browser sanity check. Concepts transfer from Chromium; the layout differs.
React Developer Tools — docs
react.dev

The official guide to the Components and Profiler tabs you just installed. Bookmark for when the React unit lands.