Whose storage does this read?

Because of the browser same-origin policy, JavaScript can only read the localStorage and sessionStorage of its own page. This tool therefore shows the storage for this site, not for other tabs or domains.

How do I inspect another site's storage?

Open that site and use your browser's developer tools (Application tab in Chrome, Storage tab in Firefox). A page cannot read another origin's web storage, so no in-page tool can do it across origins.

What do the flagged keys mean?

Flagged keys match well-known third-party analytics and advertising patterns such as _ga (Google Analytics), _fbp (Meta Pixel) and _hjid (Hotjar). A flag is a heuristic hint, not proof of tracking.

Is anything sent to a server?

No. The tool reads and writes only your local browser storage in JavaScript. Nothing you see here is transmitted anywhere.

What is the difference between localStorage and sessionStorage?

localStorage persists until explicitly cleared and is shared across tabs of the same origin. sessionStorage is scoped to a single tab and is wiped when that tab closes.

localStorage / sessionStorage Inspector

Browsers expose two key-value stores to every web page: localStorage (persistent) and sessionStorage (per-tab). Sites use them for preferences, auth tokens and — frequently — third-party analytics identifiers. This inspector lists every key the current page can read, shows its size, lets you search and delete entries, and flags keys that match common tracker patterns. It is a quick privacy and debugging aid.

How it works

JavaScript can read window.localStorage and window.sessionStorage only for its own origin — the browser’s same-origin policy forbids reading another site’s storage. So this tool reports the storage belonging to this page. It iterates every key, records the value length in bytes, and tests the key name against a list of well-known tracker prefixes (_ga, _gid, _fbp, _hjid, amplitude, mp_, and similar).

Tips

To audit a different website’s storage, open that site and use its DevTools Application/Storage panel — no in-page script can cross origins.
Deleting an auth or session key here logs you out of this page; clear with care.
A flagged key is a heuristic signal. Confirm by checking the value and the site’s privacy policy before drawing conclusions.

Notes

All reads and writes happen locally in your browser. Nothing is transmitted to any server, and clearing a store cannot be undone.