Web storage chooser
Cookies, localStorage, sessionStorage, IndexedDB, Cache API, or OPFS? Five questions about server visibility, data shape, and XSS risk — no pasted values, no persistence.
This quiz never asks you to paste storage contents. Assume any client-side store is readable if XSS lands — seethe XSS tutorial andcookie security flags.
~~~
Answer every question first.
Primary fit
Sweet spot
When not to use it
XSS note
Runner-up
~~~
Warnings
Checklist
~~~
Comparison table
| Cookies | localStorage | sessionStorage | IndexedDB | Cache | OPFS | |
|---|---|---|---|---|---|---|
~~~
About this tool
Browsers offer many storage layers with different lifetimes, quotas, and whether data rides on HTTP requests. Picking the wrong one leaks tokens (cookies on every request) or invites XSS exfiltration (localStorage).
Shareable URLs encode quiz answers only — never storage keys or values.
~~~