Browsers expose two key-value stores to every web page: localStorage (persistent) and sessionStorage (per-tab). Sites use them for preferences, auth tokens and — frequently — third-party analytics identifiers. This inspector lists every key the current page can read, shows its size, lets you search and delete entries, and flags keys that match common tracker patterns. It is a quick privacy and debugging aid.
How it works
JavaScript can read window.localStorage and window.sessionStorage only for its own origin — the browser’s same-origin policy forbids reading another site’s storage. So this tool reports the storage belonging to this page. It iterates every key, records the value length in bytes, and tests the key name against a list of well-known tracker prefixes (_ga, _gid, _fbp, _hjid, amplitude, mp_, and similar).
What you will typically find
Most web apps deposit a predictable mix of items:
| Key pattern | Typical source | Storage type |
|---|---|---|
_ga, _gid | Google Analytics | localStorage |
_fbp, _fbc | Meta Pixel | localStorage |
_hjid, _hjSession* | Hotjar | localStorage |
mp_* | Mixpanel | localStorage |
auth_token, session_id | App login | sessionStorage |
cart, preferences | Site features | localStorage |
Tracker keys are usually prefixed with underscores and contain short alphanumeric or UUID values. App keys tend to have clearer names. Knowing which is which lets you evaluate what data persists between visits and what disappears when a tab closes.
localStorage vs sessionStorage: a practical difference
localStorage survives indefinitely — closing the browser does not clear it. An analytics ID written to localStorage can persist for months and link browsing sessions. sessionStorage is wiped the moment its originating tab closes; it cannot be shared across tabs even on the same site. Shopping-cart drafts and form-step state are the classic sessionStorage use cases.
When to use this tool
- Privacy audits: check which third-party identifiers a site plants on your machine before you consent or opt out.
- Debugging: verify that your app is saving preferences, cart state, or tokens correctly, and inspect the exact raw value.
- Storage cleanup: identify oversized values (high byte counts) that could slow storage reads, and delete stale or duplicate entries.
- Comparing before/after: open the tool, interact with a sign-in or consent flow, then reload to see which new keys appeared.
Tips
- To audit a different website’s storage, open that site and use its DevTools Application/Storage panel — no in-page script can cross origins.
- Deleting an auth or session key here logs you out of this page; clear with care.
- A flagged key is a heuristic signal. Confirm by checking the value and the site’s privacy policy before drawing conclusions.
- Very large values (thousands of bytes) are often base64-encoded blobs or serialised JSON — expand them in the value column to inspect the structure.
Notes
All reads and writes happen locally in your browser. Nothing is transmitted to any server, and clearing a store cannot be undone.