Situation

You have found a Suspicious value and you wonder how it came about.

Approach

Find the source code of the constructor or initializer of the suspicious value. Set a breakpoint there. Rerun the example. (If the value is a primitive value, it's more difficult to find out where it was generated.)

Example

In the Ruby on Rails example from Spot the differences, you found the NullSession to be suspicious. (It might be called NullSessionHash or similar. I'm lazy to reproduce it now, so stick with NullSession.) In RubyMine, you can open universal search with Shift-Shift, type in NullSession and hit Enter. This will take you to the initialize method, where you set a breakpoint

When you hit the breakpoint, nose around in the preceding code and the preceding stack frames. You find out that the CSRF token wasn't set. Voilà. Why was it not set? Because you switched from jQuery.ajax to fetch and forgot to adjust to the new tool. When debugging, Be suspicious of new tools.