How to Debug a Web Application: A Step-by-Step Guide

Written By  Crosscheck Team

Content Team

July 10, 2025 12 minutes

How to Debug a Web Application: A Step-by-Step Guide

How to Debug a Web Application: A Step-by-Step Guide

Debugging is not a talent. It is a process. Developers who debug quickly and accurately are not doing something mysterious — they are following a systematic approach that eliminates guesswork and narrows the problem space as efficiently as possible.

This guide walks through that process end to end: how to reproduce a bug reliably, what each part of Chrome DevTools tells you, how to read errors and stack traces, how to use breakpoints to pause and inspect running code, and how to work through the most common categories of web application bugs.

Step 1: Reproduce the Bug Before Touching Any Code

The single most important rule in debugging is this: do not touch any code until you can reproduce the bug reliably and on demand.

A bug you cannot reproduce is a bug you cannot verify fixing. And a bug you cannot reproduce consistently usually means you do not yet understand it well enough to fix it.

Establish Exact Reproduction Steps

Write down the precise sequence of actions that triggers the bug. Be specific:

  • Which page or route
  • Which browser and version
  • Which user account or data state
  • Which sequence of interactions, in order
  • What the expected behavior is
  • What actually happens instead

This matters because bugs are often environment-dependent. A bug that appears for one user but not another may be caused by a difference in authentication state, user permissions, feature flags, or cached data. A bug that appears in one browser but not another may be a CSS compatibility issue, a JavaScript API availability difference, or a rendering quirk.

Simplify the Reproduction Case

Once you can reproduce the bug, try to simplify it. Remove steps that are not necessary to trigger it. The simpler your reproduction case, the easier it is to identify the root cause — and the easier it is to explain to someone else or include in a bug report.

Try Incognito Mode and a Fresh Browser Profile

Browser extensions, cached data, stored cookies, and service worker caches can all interfere with web application behavior in ways that are invisible without isolating them. Open an incognito window and try to reproduce the bug. If it disappears, the cause is almost certainly something in the browser state — a cached response, a stale cookie, or a conflicting extension.

Step 2: Open Chrome DevTools

Chrome DevTools is your primary debugging environment for web applications. Open it with:

  • F12 on Windows and Linux
  • Cmd + Option + I on Mac
  • Right-click anywhere on the page and select Inspect

DevTools has several panels. The four you will use most for debugging are Console, Sources, Network, and Application. Each surfaces a different layer of information about what the browser is doing.

Step 3: Read the Console

The Console tab is the first place to look when a web application is behaving unexpectedly. It captures JavaScript errors, warnings, log output, and network failure notices — all timestamped and linked to the line of code that produced them.

Understanding Error Types

Uncaught TypeError — A value is being used in a way that does not match its type. Classic examples: calling a method on undefined (Cannot read properties of undefined), passing a non-function as a callback, or treating a string as a number. These almost always indicate that a variable holds an unexpected value at runtime.

Uncaught ReferenceError — Code is attempting to use a variable that does not exist in the current scope. Common causes: a typo in a variable name, accessing a variable before it has been declared, or referencing a global that is not available in the current environment.

SyntaxError — The JavaScript engine could not parse the code. In most cases this surfaces during the build step, not at runtime, but it can appear if dynamic code evaluation (eval) is used or if a JSON response is malformed and parsed with JSON.parse.

Failed to load resource — A network request failed. The console shows the URL and status code. This is a signal to move to the Network tab for deeper investigation.

Reading Stack Traces

Every error in the console comes with a stack trace — the chain of function calls that led to the error. Read it from top to bottom. The top entry is where the error actually occurred. The entries below it are the callers, in reverse order.

Click any entry in the stack trace to jump directly to that line in the Sources panel. Start with the first entry that is in your own code (not inside a library or framework). That is almost always where the problem is.

Filtering Console Output

In production applications, the console can fill up with warnings and informational logs that obscure actual errors. Use the filter buttons at the top of the Console panel to show only Errors, or type in the filter box to search for specific text. You can also filter by URL to show only messages from a specific script file.

Step 4: Inspect Network Requests

Many web application bugs are not JavaScript bugs at all — they are network bugs. A failed API call, an incorrect request payload, a missing authentication header, or a server-side validation error can all manifest as broken UI behavior without producing any JavaScript error.

Open the Network tab. If you need to capture requests from the initial page load, open DevTools first and then reload the page — the Network tab only records requests made while it is open.

What to Look For

Filter by Fetch/XHR to isolate API calls from static assets. This immediately removes the noise of HTML, CSS, JavaScript, image, and font requests, leaving only the data requests your application makes.

Scan for red rows — Chrome color-codes failed requests in red. A 4xx or 5xx status code on any row is a signal that deserves attention.

Click a request and examine its detail tabs:

  • Headers — Verify that the request includes the correct authorization token, that Content-Type is set correctly, and that the server's response headers match what you expect.
  • Payload — For POST, PUT, and PATCH requests, confirm that the request body contains the correct data. Missing fields, incorrect JSON structure, and encoding issues all show up here.
  • Response — Read what the server actually returned. Error responses frequently contain detailed messages that never surface in the UI.
  • Timing — A large TTFB (Time to First Byte) indicates server-side slowness. A large content download time indicates a large payload.

Common Network Issues

401 Unauthorized — The request is missing a valid authentication credential. Check the Authorization header in the request. Is the token present? Is it expired?

403 Forbidden — The user is authenticated but does not have permission for this action. This is often a role or permission configuration issue on the server.

404 Not Found — The requested URL does not exist. Check for typos in the API endpoint, and verify that the route is registered on the server.

422 Unprocessable Entity — The server received the request but rejected it due to validation errors. The response body almost always contains the specific field-level errors.

CORS errors — Cross-Origin Resource Sharing errors block requests from one domain to another when the server has not explicitly allowed it. These appear in the console as blocked-by-CORS-policy messages and show up in the Network tab as failed preflight OPTIONS requests. The fix is always server-side — adding the correct Access-Control-Allow-Origin headers.

Step 5: Use Breakpoints to Pause Execution

Console logging is useful for quick checks, but breakpoints are the most powerful tool in the debugger. A breakpoint pauses JavaScript execution at a specific line, letting you inspect the exact state of every variable at that moment — no guessing, no adding and removing console.log statements.

Setting a Line Breakpoint

  1. Open the Sources tab in DevTools
  2. Navigate to the file you want to debug using the file tree on the left, or press Cmd+P / Ctrl+P to search for a file by name
  3. Click the line number in the gutter to set a breakpoint — a blue arrow will appear
  4. Trigger the code path that contains the bug
  5. When execution pauses at the breakpoint, use the right-hand panel to inspect local variables, the call stack, and the scope chain

Stepping Through Code

Once paused at a breakpoint, you have four navigation controls:

  • Step over (F10) — Execute the current line and pause at the next one, without descending into any function calls
  • Step into (F11) — If the current line calls a function, descend into that function
  • Step out (Shift+F11) — Execute the rest of the current function and pause at the caller
  • Resume (F8) — Continue execution until the next breakpoint

Conditional Breakpoints

In a loop or a frequently-called function, a regular breakpoint will pause on every call — which is impractical if you are looking for a specific iteration or condition. Right-click a line number and select Add conditional breakpoint to enter an expression. The debugger will only pause when that expression evaluates to true.

Logpoints

If you want the equivalent of a console.log without modifying your source code, right-click a line number and select Add logpoint. Enter an expression — it will be evaluated and logged to the console every time execution passes that line, without pausing.

Event Listener Breakpoints

In the Sources panel, under the right-hand panel, look for Event Listener Breakpoints. You can set breakpoints that fire on specific DOM events — clicks, form submissions, keyboard input, network requests — without needing to know which function handles them. This is useful when you can see a user action triggering a bug but you do not know which code runs in response.

Step 6: Inspect the DOM and CSS

For bugs related to layout, visibility, or styling, the Elements tab is where you debug. It shows the live DOM tree — not the original HTML source, but the actual current state of the document as modified by JavaScript.

Common DOM Debugging Scenarios

An element is not visible when it should be — Select it in the Elements panel and check the Styles pane on the right. Look for display: none, visibility: hidden, opacity: 0, or height: 0 being applied. Check the Computed tab to see the final resolved styles, bypassing any confusion about specificity or inheritance.

A click handler is not firing — Select the element, click the Event Listeners tab in the right panel, and verify that the expected event listener is attached. If it is not there, the element may not have been selected correctly in JavaScript, or the listener may have been attached before the element existed in the DOM.

Styles are not applying — Look for strikethrough text in the Styles pane, which indicates a property that has been overridden by a more specific rule. The selector specificity and source location are shown next to each rule.

Step 7: Check Application State

The Application tab surfaces data that persists in the browser — cookies, localStorage, sessionStorage, IndexedDB, service workers, and the cache. Many hard-to-reproduce bugs are caused by stale or corrupted data in one of these stores.

What to Check

  • localStorage and sessionStorage — Inspect the key-value pairs your application is storing. Look for outdated tokens, stale user data, or missing values that the application code expects to be present.
  • Cookies — Check that authentication and session cookies are set, not expired, and scoped to the correct domain and path.
  • Service Workers — A registered service worker can intercept network requests and serve cached responses, masking server-side changes. In the Application tab, you can view registered service workers, force an update, or unregister them entirely for debugging purposes.
  • Cache Storage — If your application uses a service worker cache, you can inspect its contents here and delete individual entries or clear the cache entirely.

Step 8: Isolate the Problem Layer

Once you have gathered information from the console, network tab, and debugger, the next step is to determine which layer of the stack owns the bug:

  • Frontend logic — If the request is correct but the UI handles the response incorrectly, the bug is in the client-side code. The network tab will show a successful response, but the rendered output will be wrong.
  • API / backend — If the request is correct but the server returns an error or incorrect data, the bug is on the server. The network tab will show the exact response the server returned.
  • Data — Some bugs are caused by unexpected data in the database — a null value where a string is expected, a missing record, or a malformed field. These often surface as 500 errors with database-level error messages in the response body.
  • Configuration or environment — Feature flags, environment variables, third-party service configuration, and browser or OS differences can all produce bugs that appear only in specific environments.

Narrowing to the responsible layer before writing any fix prevents the common trap of patching the wrong thing — adding error handling in the frontend for a bug that should be fixed in the API contract.

Common Web Application Bug Patterns

Race Conditions

Asynchronous JavaScript is a common source of bugs that are difficult to reproduce consistently. Race conditions occur when two async operations complete in an unexpected order. Classic examples: a component renders before its data fetch completes, a user clicks a button twice before the first action finishes, or a token refresh and an authenticated request both fire simultaneously.

Debugging approach: add breakpoints or logpoints around the async operations and observe the order in which they complete. Check whether promises are being awaited correctly and whether loading and error states are handled.

State Management Bugs

In applications using React, Vue, Angular, or similar frameworks, bugs often live in how state is updated and propagated. A component may render with stale state, a mutation may update the wrong slice of state, or a derived value may not recompute when its source changes.

Debugging approach: use the browser extension for your framework (React DevTools, Vue DevTools) to inspect the component tree, current props and state, and re-render history.

Memory Leaks

A memory leak in a web application typically manifests as the page becoming slower and more sluggish over time, eventually crashing the browser tab. Common causes: event listeners attached in a component's lifecycle that are never removed, closures holding references to large objects, and timers or intervals that are never cleared.

Debugging approach: use the Memory tab in DevTools to take heap snapshots at intervals and compare them. Look for object counts that grow without bound.

Third-Party Script Interference

Analytics scripts, chat widgets, A/B testing frameworks, and ad networks all run JavaScript in the same browser context as your application. Any of them can introduce errors, slow page load, or conflict with your application's behavior.

Debugging approach: disable browser extensions, then test in a browser profile with no extensions. If the bug disappears, start re-enabling extensions one at a time. To isolate third-party scripts embedded in the page itself, use the Network tab to identify which domains are loading external scripts, and temporarily block them using DevTools request blocking.

Document What You Find

Debugging produces knowledge. A bug that took two hours to track down should not require two hours again if it resurfaces — or if someone else encounters it. As you debug, note:

  • The reproduction steps
  • The root cause
  • Which tools and approaches revealed it
  • The fix applied and why

This is especially valuable in team environments, where the person who filed the bug and the person who fixes it are often different people working asynchronously.

Debug Faster With Automatic Bug Capture

Systematic debugging through DevTools is an essential skill — but it is also time-intensive, requires expertise to execute well, and relies on whoever reports the bug knowing what to capture and how to capture it.

Crosscheck bridges that gap. When a bug is captured with Crosscheck, it automatically records everything a developer needs to debug it: a screenshot, a screen recording, all console logs (including errors and warnings), every network request made in the session with status codes and response details, and an instant replay of the user's actions.

The result is a bug report that arrives with the same quality of information you would get from sitting next to the reporter and watching it happen in DevTools — without anyone needing to know how to use DevTools, and without the back-and-forth of "can you reproduce this?" and "what was in the console?"

For development teams that want to spend less time gathering debugging context and more time actually fixing bugs, Crosscheck turns every bug report into a complete diagnostic package from the moment it is filed.

Related Articles

From Bug Reporter to Quality Advocate: The Future of QA Roles
Industry Trends & Thought Leadership

From Bug Reporter to Quality Advocate: The Future of QA Roles

Crosscheck Team
March 31, 202511 minutes
The QA Skills Gap: Why 50% of Organizations Can't Find Qualified Testers
Industry Trends & Thought Leadership

The QA Skills Gap: Why 50% of Organizations Can't Find Qualified Testers

Crosscheck Team
April 3, 202511 minutes
Flaky Tests Are Killing Your Team's Productivity: Here's How to Fix Them
Industry Trends & Thought Leadership

Flaky Tests Are Killing Your Team's Productivity: Here's How to Fix Them

Crosscheck Team
April 7, 202511 minutes
Contact us
to find out how this model can streamline your business!
Crosscheck Logo
Crosscheck Logo
Crosscheck Logo

Speed up bug reporting by 50% and
make it twice as effortless.

Overall rating: 5/5