How PingThat is built and verified

Last updated: 2026-05-06

PingThat is an independent project run by one developer. Network and security tools fall into two groups: those that can answer locally (a JWT decoder, a subnet calculator) and those that need to ask the outside world (a DNS lookup, an SSL check). This page describes which is which, how each tool is verified, and what the site does and doesn't do.

What runs in your browser, and what queries an API

Of the 23 tools on PingThat, 7 run entirely client-side: your input never leaves your browser. The other 16 need to resolve a real-world fact (a DNS record, a certificate chain, a WHOIS owner) and query a public API or a small project-owned backend. The table below names the endpoint each one talks to.

Tool                          Where it runs    Endpoint
----------------------------  ---------------  ----------------------------
Client-side (7)
Subnet calculator             browser
IP converter                  browser
JWT decoder                   browser
Password strength             browser
Privacy check                 browser
URL parser                    browser
WebRTC leak test              browser

API-querying (16)
DNS lookup                    DoH              cloudflare-dns.com
CAA lookup                    DoH              cloudflare-dns.com
DNSSEC check                  DoH              cloudflare-dns.com
IPv6 check                    DoH              cloudflare-dns.com
Reverse DNS                   DoH + backend    cloudflare-dns.com + /api/
My IP                         external         ipapi.co + api.ipify.org
Resolver compare              backend          /api/resolver-compare
Is it up                      backend          /api/check-site
Is it down                    backend          /api/check-site
HTTP headers                  backend          /api/http-headers
Site speed                    backend          /api/site-speed
Redirect checker              backend          /api/redirect-checker
WHOIS lookup                  backend          /api/whois-lookup
Port scan                     backend          /api/port-scan
SSL checker                   backend          /api/ssl-checker
Email auth (SPF/DKIM/DMARC)   backend          /api/email-auth

For API-querying tools, what gets sent is the lookup target you typed — a domain, an IP, an email, a URL — and nothing else. Each row's Endpoint column names where that specific tool's request goes; nothing is forwarded to other endpoints.

Ads come from Google AdSense (publisher ID ca-pub-8761907366448308). AdSense uses cookies and shares limited data with Google's ad network when you consent. The cookie banner is a real consent gate: AdSense scripts do not load until you accept. If you decline, no ad cookies are set. Ad slots are clearly marked Sponsored.

How tool reliability is verified

Every tool is covered by an automated end-to-end test that runs on every deploy. The "Last verified — N tools passing" line in the footer is set by CI: it reflects the date of the last green run and the count of tools that passed. If a test breaks, the footer reflects that on the next build, and the broken tool is fixed before the line goes back to all-passing.

How content is written

Tool behavior is implemented and verified by hand against the source RFCs and standards: RFC 1035 for DNS, RFC 4632 for CIDR / subnetting, RFC 5280 for X.509 certificates, RFC 7519 for JWT, RFC 8484 for DNS-over-HTTPS, RFC 7208 / 6376 / 7489 for SPF / DKIM / DMARC, and the IANA registries for port assignments and protocol numbers. Where an algorithm is implemented in the browser (CIDR math, JWT signature verification, password entropy estimation), the test suite pins it to the spec-mandated output.
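
For the DoH rows in the table above, both the "lookup target and nothing else" statement and the idea of pinning browser code to spec output can be checked with a sketch like the following. It is an added example, not PingThat's own code. It builds an RFC 8484 GET request that reproduces the www.example.com request from RFC 8484 section 4.1.1, then decodes it to list everything the request carries. Assumptions: the /dns-query path, the wire-format GET encoding (the page does not say which DoH encoding the site uses), and all function names.

```javascript
// Added example, not PingThat's code. Assumed: the /dns-query path, the
// wire-format GET encoding, and every function name below.
const QTYPE = { A: 1, AAAA: 28, CAA: 257 };

// Build an RFC 1035 query message: 12-byte header plus one question.
function buildQuery(name, type) {
  const t = QTYPE[type];
  if (t === undefined) throw new RangeError("unsupported type: " + type);
  const bytes = [0, 0, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0]; // ID=0, RD=1, QDCOUNT=1
  for (const label of name.replace(/\.$/, "").split(".")) {
    const raw = new TextEncoder().encode(label);
    if (raw.length < 1 || raw.length > 63) throw new RangeError("bad label");
    bytes.push(raw.length, ...raw);
  }
  bytes.push(0, t >> 8, t & 0xff, 0, 1); // root label, QTYPE, QCLASS=IN
  if (bytes.length - 16 > 255) throw new RangeError("name too long");
  return Uint8Array.from(bytes);
}

// RFC 8484 GET form: unpadded base64url message in the "dns" parameter.
function dohUrl(host, name, type) {
  const b64 = btoa(String.fromCharCode(...buildQuery(name, type)));
  const b64url = b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return "https://" + host + "/dns-query?dns=" + b64url;
}

// Decode a DoH GET URL and report everything the request carries.
function inspect(url) {
  const params = new URL(url).searchParams;
  const b64 = params.get("dns").replace(/-/g, "+").replace(/_/g, "/");
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  const labels = [];
  let i = 12; // first byte after the header
  while (i < bytes.length && bytes[i] !== 0) {
    labels.push(new TextDecoder().decode(bytes.subarray(i + 1, i + 1 + bytes[i])));
    i += 1 + bytes[i];
  }
  return {
    id: (bytes[0] << 8) | bytes[1],
    name: labels.join("."),
    qtype: (bytes[i + 1] << 8) | bytes[i + 2],
    trailingBytes: bytes.length - (i + 5),
    params: [...params.keys()],
  };
}

console.log(inspect(dohUrl("cloudflare-dns.com", "www.example.com", "A")));
```

The same inspect function can be pointed at a request URL copied from the browser's network panel; a non-zero trailingBytes value or any parameter besides dns would mean the request carries more than the question.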

Long-form guides under /docs/ are drafted with AI assistance and lightly reviewed before publishing. The technical facts in those guides — what an RFC says, how a header is parsed — are independently verifiable.

Comparison pages ("X vs Y") were previously published with light review. Those pages have been removed because the project couldn't maintain the factual bar they required without becoming a network-tool-review site, which isn't what PingThat is. If a comparison page redirected you here, please use the actual products to compare them.

What the site doesn't do

  • Paid placements, sponsored editorial, or guest posts. AdSense ads are clearly marked Sponsored and separate from editorial.
  • Paraphrase competitor blog posts.
  • Sell or share your queries with third parties. The backend uses standard rate limits to stay usable but keeps no per-user query log.

How content stays current

When an RFC is revised, when a public resolver changes its policy, or when a TLS / DNSSEC algorithm is deprecated, the affected page is updated. The CI test suite catches behavioral regressions on every deploy, and visible errors are fixed on the next deploy.

Reporting errors

If you spot a factual error, a broken tool, a missing citation, or content that's outdated, email support@pingthat.dev. The operator typically replies within 24 hours on weekdays. Substantive corrections are published with a Corrected YYYY-MM-DD note next to the affected paragraph.

Funding and monetization

PingThat accepts no payment for tool listings, no affiliate revenue, and no sponsored editorial content. Monetization is via Google AdSense display ads (where approved) and occasional Buy Me a Coffee tips. Ad slots are clearly marked Sponsored and separate from the rest of the page.