SokuTools (Browser Utilities)

SokuTools is a collection of browser utilities for tasks you want to run quickly: UUIDs, timestamp conversion, Base64/URL encoding, and JSON formatting.

The flow is simple: paste (or type) → run → copy. Outputs are grouped by use case so you can pick the format you need quickly.

Core tools are designed around HTTP specs, RFCs, and practical security workflows so you can quickly identify where to look next.

Quick workflow

• Paste headers/JSON/tokens into the relevant tool
• Use the summary to identify issue type first
• Move to related tools for deeper isolation
• Copy only the values you need and return to implementation

Typical use cases

• Quickly validate header or token mismatches in API/frontend work
• Run first-pass troubleshooting in browser during operations/incidents
• Build and verify spec-based values quickly

Content policy

Each tool page includes not only usage but also referenced specs, practical cautions, and navigation to related tools.

• Explain based on RFCs and official docs, not guesses
• Design pages as connected diagnostic flows, not isolated utilities
• State data handling clearly and keep processing in-browser by default

Data handling

Most tools run in your browser without sending input to a server. Each page states its own assumptions clearly.

For sensitive data, use masked values and verify in an offline environment when needed.

Site Info

• About
• Contact
• Terms of Service
• Privacy Policy

Site search

Search across tool names, guide names, and descriptions. Symptom terms (for example 304, preflight, 401) prioritize diagnostic guides.

Short, focused terms improve ranking (for example cache update / cors preflight).

Operational Scenarios

Playbooks organized by real incidents such as missing 304 responses and failed preflight requests.

• Symptom-Based Diagnostic Guide (Start Here) — A central hub that routes cache/CORS/JWT/MIME incidents into shortest symptom-first diagnostic paths
• How to Diagnose Missing 304 Responses — Trace ETag/Last-Modified and If-* round trips to isolate missing 304 behavior
• How to Diagnose Stale Content After Deployment — Check cache policy by HTML/API/static assets to isolate stale deployment issues quickly
• How to Diagnose CORS Preflight Failures — Fix preflight failures by validating OPTIONS responses, Allow-* directives, and origin rules in order
• JWT 401/403 Diagnostic Playbook — Separate 401 and 403 using Authorization, WWW-Authenticate, claims, and signature checks
• How to Diagnose Retry Storms on 429/503 — Isolate Retry-After parsing and client implementation gaps to stop excessive retries
• How to Diagnose JS/CSS Blocks from nosniff Mismatch — Trace Content-Type vs nosniff mismatches, fallback responses, and delivery-layer rewrites
• How to Diagnose Set-Cookie Not Persisting — Isolate cookie persistence failures by checking Domain/Path/Secure/SameSite in order
• How to Diagnose Lost Login After OAuth Return — Isolate cookie-delivery failures after IdP return across SameSite, Secure, Path/Domain, and collisions
• How to Diagnose Same-Name Cookie Collisions — Resolve unstable behavior by tracing same-name cookie path/domain variants, overwrite order, and send collisions
• Cookie Incident Operational Checklist — Standardize response from triage to permanent fixes across storage failures, OAuth return issues, and same-name collisions

Compare & Choose

Use these comparison hubs to choose the right starting tool by problem type.

• JWT Decoder vs Verifier — Clarify decode vs signature verification roles and connect to 401/403 troubleshooting flow
• How to choose cache tools — Route stale-update, missing-304, and CDN-only mismatch issues to the right tools
• How to choose CORS tools — Map preflight failures, origin mismatches, and credential conflicts to the right checks
• How to choose cookie tools — Route Set-Cookie, Domain-Path, SameSite, conflict, and size checks by symptom
• How to choose response header tools — Map Retry-After, Server-Timing, Link, Content-Type, and nosniff checks by symptom

Overview

Cache Validators

Connect ETag/Last-Modified and If-* to judge revalidation flow

• Cache Validator Overview — Summarize relationships among ETag/Last-Modified validators
• ETag Inspect — Parse ETag and If-None-Match consistency
• ETag Builder — Build ETag values for testing and operations
• If-None-Match Inspect — Parse If-None-Match and inspect revalidation conditions
• If-Match Inspect — Parse If-Match and inspect update preconditions
• If-Modified-Since Inspect — Parse If-Modified-Since and inspect conditional retrieval
• If-Unmodified-Since Inspect — Parse If-Unmodified-Since and inspect precondition behavior
• Last-Modified Inspect — Parse Last-Modified and If-Modified-Since

Range/Partial Content

Cross-check Range/Content-Range/If-Range to validate partial delivery

• Accept-Ranges Inspect — Parse Accept-Ranges and inspect partial-content support
• Range Request Builder — Build Range request headers
• Content-Range Inspect — Parse Content-Range and inspect returned ranges
• If-Range Inspect — Parse If-Range and inspect conditional range behavior
• Content-Length Inspect — Parse Content-Length and inspect size consistency

Compression/Transfer

Use Accept/Content/Transfer-Encoding plus Vary to isolate compression mismatches

• Accept-Encoding Inspect — Parse Accept-Encoding and inspect compression negotiation
• Content-Encoding Inspect — Parse Content-Encoding to verify applied compression
• Transfer-Encoding Inspect — Parse Transfer-Encoding and inspect transfer mode
• Content-Length Inspect — Parse Content-Length and inspect size consistency
• Vary Inspect — Parse Vary and visualize cache variation keys

Cache Control

Diagnose delivery policy across Cache-Control/Expires/Age

• Cache Not Working Troubleshooting — Troubleshoot cache-not-working symptoms step by step from headers
• HTTP Cache Mismatch — Identify root causes of cache mismatches
• Cache Response Analyzer — Judge cacheability from response headers
• Cache Key Inspect — Visualize cache-key splits from URL, Vary, and headers
• Cache Diagnostic — Run cross-header diagnostics for HTTP caching
• Cache Control Overview — Summarize how to use Cache-Control/Pragma/Expires together
• Cache-Control Inspect — Parse and interpret Cache-Control directives
• Pragma Cache Inspect — Parse Pragma and inspect legacy cache control behavior
• Expires Inspect — Parse Expires and Date to inspect freshness behavior
• Age Inspect — Parse Age to estimate shared-cache residency time

Auth

Trace auth failures across Bearer, WWW-Authenticate, and JWT

• OAuth Bearer Diagnostic — Diagnose consistency between Bearer and WWW-Authenticate
• JWT 401/403 Troubleshooting — Troubleshoot 401/403 auth failures from headers and JWT claims
• JWT Claim Audit — Audit missing required/recommended JWT claims
• JWT TTL Check — Calculate validity window and remaining TTL from exp/iat/nbf
• JWT Clock Skew Check — Detect timestamp skew across iat/nbf/exp
• Authorization Inspect — Parse Authorization header formats
• WWW-Authenticate Inspect — Parse WWW-Authenticate challenges
• JWT Decoder — Decode and pretty-print JWT header/payload
• JWT Verifier — Verify JWT signatures (HS/RS/ES)

Security Headers

Go from missing-header detection to concrete fix planning

• Security Headers Audit — Audit presence of major security headers
• Security Headers Recommendation — Suggest recommended values for missing headers
• Security Headers Fix Plan — Create a prioritized header-fix plan
• CSP Nonce/Hash Helper — Generate and verify CSP nonce/hash values
• CSP Builder — Build CSP policies from templates
• CSP Report Analyzer — Analyze CSP report JSON and summarize violation patterns
• CSP Inspect — Parse and evaluate CSP directives
• HSTS Inspect — Parse HSTS to verify HTTPS enforcement
• Permissions-Policy Inspect — Parse Permissions-Policy and review feature restrictions
• Referrer-Policy Inspect — Parse Referrer-Policy and check referrer exposure
• X-Frame-Options Inspect — Parse X-Frame-Options to validate clickjacking protection
• X-Content-Type-Options Inspect — Parse X-Content-Type-Options and validate nosniff

Response Header Diagnostics

Step through raw headers to inspect Retry-After, Server-Timing, Link, and Content-Type

• HTTP Header Parser — Parse raw headers into structured lists
• Response Headers Parser — Parse response headers into structured data
• Set-Cookie Inspect — Parse Set-Cookie attributes and review delivery policy
• Cookie Domain/Path Matcher — Evaluate cookie send conditions by Domain/Path/Secure
• SameSite Cookie Simulator — Simulate cookie send behavior from SameSite and request context
• Set-Cookie Conflict Checker — Detect same-name cookie conflicts and overwrite risks
• Cookie Size Checker — Estimate Cookie header size and check limit risks
• Retry-After Inspect — Parse Retry-After and inspect retry wait behavior
• Server-Timing Inspect — Parse Server-Timing and inspect latency metrics
• Link Header Inspect — Parse Link headers and inspect rel/as/type
• Content-Type Inspect — Parse Content-Type and inspect MIME/charset
• X-Content-Type-Options Inspect — Parse X-Content-Type-Options and validate nosniff
• HTTP Status Inspect — Analyze HTTP status codes and suggest handling direction

Language/Locale

Compare Accept headers with Content-Language to debug negotiation mismatches

• Accept Header Builder — Build Accept-family headers by use case
• Accept-Language Inspect — Parse Accept-Language and inspect language priority
• Content-Language Inspect — Parse Content-Language and inspect delivered locale
• Accept-Charset Inspect — Parse Accept-Charset and inspect charset preferences

CORS

Compare Origin and Allow-* headers to audit CORS decisions

• CORS Error Troubleshooting — Troubleshoot CORS failures by correlating browser errors with request/response headers
• CORS Diagnostic — Diagnose CORS decisions by comparing Origin and Allow-*
• CORS Checklist — Provide a step-by-step CORS verification checklist
• CORS Response Inspect — Parse Access-Control-Allow-* headers to audit CORS responses
• Origin Allowlist Check — Match Origin values against an allowlist
• Host/Authority/Origin Inspect — Cross-check Host/:authority/Origin/Referer for mismatches

Redirects

Use status codes and Location chains to isolate redirect issues

• HTTP Status Inspect — Analyze HTTP status codes and suggest handling direction
• Location Inspect — Parse Location header and split destination URL
• Redirect Chain Inspect — Analyze redirect chains to detect loops and waste hops

UUID

• UUIDv7 Generator — Generate/validate UUIDv7 and extract time-derived fields
• UUIDv7 from Timestamp — Create UUIDv7 boundary values (earliest/random/latest) from Unix ms
• UUID Inspect — Normalize UUID and inspect version/variant/timestamp
• UUIDv7 Range Builder — Build UUIDv7 range boundaries from start/end milliseconds

Encoding

• Base64 — Encode/decode Base64 with UTF-8 handling
• URL Encode/Decode — Convert URL encoding and decoding both ways
• Query String Parser — Parse query strings and list parameters
• UTM Builder — Build URLs with UTM parameters
• Text Counter — Count characters including newline and full/half-width views

JSON

• JSON Formatter — Pretty-print, minify, and validate JSON
• JSONC Formatter — Format and validate JSONC (comments/trailing commas)
• JSON Diff — Compare two JSON documents and show diffs

Time

• Unix Time Converter — Convert Unix seconds/milliseconds and date-time both ways

Auth/Tokens

• OAuth Bearer Diagnostic — Diagnose consistency between Bearer and WWW-Authenticate
• JWT 401/403 Troubleshooting — Troubleshoot 401/403 auth failures from headers and JWT claims
• JWT Decoder — Decode and pretty-print JWT header/payload
• JWT Claim Audit — Audit missing required/recommended JWT claims
• JWT TTL Check — Calculate validity window and remaining TTL from exp/iat/nbf
• JWT Clock Skew Check — Detect timestamp skew across iat/nbf/exp
• JWT Verifier — Verify JWT signatures (HS/RS/ES)
• WWW-Authenticate Inspect — Parse WWW-Authenticate challenges
• Authorization Inspect — Parse Authorization header formats

Security Tools

• Random Password — Generate random passwords with length, charset, and exclusion options
• Password Seed Generator — Derive reproducible passwords from seed and constraints
• URL Safe Random — Generate random strings using URL/filename-safe characters
• Cookie Security Audit — Audit Secure/HttpOnly/SameSite settings
• Password Policy Generator — Create policy text and validation regex from requirements
• Token Format Checker — Infer JWT/UUID/Hex/Base64URL candidates from input text

Security Headers

• Security Headers Audit — Audit presence of major security headers
• Security Headers Recommendation — Suggest recommended values for missing headers
• Security Headers Fix Plan — Create a prioritized header-fix plan
• CSP Nonce/Hash Helper — Generate and verify CSP nonce/hash values
• CSP Builder — Build CSP policies from templates
• CSP Inspect — Parse and evaluate CSP directives
• CSP Report Analyzer — Analyze CSP report JSON and summarize violation patterns
• Permissions-Policy Inspect — Parse Permissions-Policy and review feature restrictions
• Referrer-Policy Inspect — Parse Referrer-Policy and check referrer exposure
• HSTS Inspect — Parse HSTS to verify HTTPS enforcement
• X-Frame-Options Inspect — Parse X-Frame-Options to validate clickjacking protection
• X-Content-Type-Options Inspect — Parse X-Content-Type-Options and validate nosniff

HTTP Headers

• HTTP Header Parser — Parse raw headers into structured lists
• Cookie Parser — Split Cookie headers into key=value pairs
• Cookie Size Checker — Estimate Cookie header size and check limit risks
• Cookie Domain/Path Matcher — Evaluate cookie send conditions by Domain/Path/Secure
• SameSite Cookie Simulator — Simulate cookie send behavior from SameSite and request context
• Set-Cookie Conflict Checker — Detect same-name cookie conflicts and overwrite risks
• Cookie Inspect — Parse Set-Cookie attributes and spot misconfigurations
• Request/Response Diff — Compare header differences between request and response
• Request Headers Parser — Parse request headers into structured data
• Set-Cookie Builder — Build Set-Cookie headers with attributes
• Content-Type Inspect — Parse Content-Type and inspect MIME/charset
• Response Headers Parser — Parse response headers into structured data
• Content-Disposition Inspect — Parse Content-Disposition and inspect filename/disposition
• Retry-After Inspect — Parse Retry-After and inspect retry wait behavior
• Server-Timing Inspect — Parse Server-Timing and inspect latency metrics
• Link Header Inspect — Parse Link headers and inspect rel/as/type
• Set-Cookie Inspect — Parse Set-Cookie attributes and review delivery policy

HTTP Cache

• Cache Not Working Troubleshooting — Troubleshoot cache-not-working symptoms step by step from headers
• HTTP Cache Mismatch — Identify root causes of cache mismatches
• Cache Response Analyzer — Judge cacheability from response headers
• Cache Diagnostic — Run cross-header diagnostics for HTTP caching
• Cache Key Inspect — Visualize cache-key splits from URL, Vary, and headers
• Cache Control Overview — Summarize how to use Cache-Control/Pragma/Expires together
• Cache-Control Inspect — Parse and interpret Cache-Control directives
• ETag Inspect — Parse ETag and If-None-Match consistency
• Vary Inspect — Parse Vary and visualize cache variation keys
• Last-Modified Inspect — Parse Last-Modified and If-Modified-Since
• Expires Inspect — Parse Expires and Date to inspect freshness behavior
• Age Inspect — Parse Age to estimate shared-cache residency time
• If-Modified-Since Inspect — Parse If-Modified-Since and inspect conditional retrieval
• If-None-Match Inspect — Parse If-None-Match and inspect revalidation conditions
• If-Unmodified-Since Inspect — Parse If-Unmodified-Since and inspect precondition behavior
• Cache Validator Overview — Summarize relationships among ETag/Last-Modified validators
• If-Match Inspect — Parse If-Match and inspect update preconditions
• ETag Builder — Build ETag values for testing and operations
• ETag Policy Checker — Check ETag operational policy consistency
• Pragma Cache Inspect — Parse Pragma and inspect legacy cache control behavior

Range/Partial Content

• Content-Length Inspect — Parse Content-Length and inspect size consistency
• Accept-Ranges Inspect — Parse Accept-Ranges and inspect partial-content support
• Range Request Builder — Build Range request headers
• Content-Range Inspect — Parse Content-Range and inspect returned ranges
• If-Range Inspect — Parse If-Range and inspect conditional range behavior

Encoding/Transfer

• Accept-Encoding Inspect — Parse Accept-Encoding and inspect compression negotiation
• Content-Encoding Inspect — Parse Content-Encoding to verify applied compression
• Transfer-Encoding Inspect — Parse Transfer-Encoding and inspect transfer mode

Language/Negotiation

• Accept Header Builder — Build Accept-family headers by use case
• Accept-Language Inspect — Parse Accept-Language and inspect language priority
• Content-Language Inspect — Parse Content-Language and inspect delivered locale
• Accept-Charset Inspect — Parse Accept-Charset and inspect charset preferences

CORS/Origin

• CORS Diagnostic — Diagnose CORS decisions by comparing Origin and Allow-*
• CORS Error Troubleshooting — Troubleshoot CORS failures by correlating browser errors with request/response headers
• CORS Checklist — Provide a step-by-step CORS verification checklist
• Host/Authority/Origin Inspect — Cross-check Host/:authority/Origin/Referer for mismatches
• Origin Allowlist Check — Match Origin values against an allowlist
• CORS Response Inspect — Parse Access-Control-Allow-* headers to audit CORS responses

Forwarding/Proxy

• Via Inspect — Parse Via to inspect intermediary proxy path
• Forwarded Inspect — Parse Forwarded to inspect forwarding path data
• X-Forwarded-For Inspect — Parse X-Forwarded-For/X-Real-IP to inspect client chain
• X-Forwarded-Proto Inspect — Parse X-Forwarded-Proto/Host to verify external URL inference

Redirects/Status

• Location Inspect — Parse Location header and split destination URL
• Redirect Chain Inspect — Analyze redirect chains to detect loops and waste hops
• HTTP Status Inspect — Analyze HTTP status codes and suggest handling direction

Client Info

• What is my IP — Show your current client IP and related info
• My User Agent — Show UA, language, and screen info for environment checks