Local Storage
Web Security
A Web Storage API that persists key/value data; it is accessible to JavaScript and therefore exposed to XSS.
Definition
Local storage (Web Storage) persists data per origin and is accessible to scripts. Because it is script-readable, it is risky for storing sensitive tokens.
Why this matters
Storing auth tokens in local storage can increase account takeover risk under XSS.
Example
Prefer HttpOnly cookies for session tokens; store only non-sensitive settings in local storage.
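The guidance above as an added code example (not part of the original page): a server-side helper that issues the session token in an HttpOnly cookie, and an audit that flags credential-like entries in any Web Storage object. The function and class names, the cookie name `session`, and the `Secure` and `SameSite=Lax` attributes are assumptions made for illustration.

```javascript
// Added example: buildSessionCookie, auditStorage and MemoryStorage are hypothetical names.

// Server side: the session token travels in a cookie that scripts cannot read.
function buildSessionCookie(token) {
  // encodeURIComponent keeps the value free of ';' and ',' separators.
  return `session=${encodeURIComponent(token)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Key names that suggest a credential was stored.
const SUSPECT_KEY = /token|session|auth|jwt|secret|password/i;
// Three dot-separated base64url segments, the first starting "eyJ" (an encoded JSON header).
const JWT_SHAPE = /^eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/;

// Works on anything exposing the Web Storage interface (length, key, getItem),
// for example window.localStorage in a browser.
function auditStorage(storage) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = storage.getItem(key) ?? "";
    if (JWT_SHAPE.test(value)) findings.push({ key, reason: "value looks like a JWT" });
    else if (SUSPECT_KEY.test(key)) findings.push({ key, reason: "key name suggests a credential" });
  }
  return findings;
}

// Constructed in-memory stand-in so the audit also runs outside a browser.
class MemoryStorage {
  constructor(entries) { this.map = new Map(Object.entries(entries)); }
  get length() { return this.map.size; }
  key(i) { return [...this.map.keys()][i] ?? null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
}

// Constructed sample data: two harmless settings and two entries that should be flagged.
const sample = new MemoryStorage({
  theme: "dark",
  locale: "en-GB",
  access_token: "opaque-sample-value",
  profile: "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2FtcGxlLXNpZw",
});

console.log(buildSessionCookie("sample-session-id"));
console.log(auditStorage(sample));
```

In a browser, `auditStorage(window.localStorage)` runs the same check against the real store; the patterns are heuristics, so an empty result does not prove that no sensitive value is stored.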