diff --git a/apps/browser/src/platform/browser/browser-api.ts b/apps/browser/src/platform/browser/browser-api.ts
index 8a3dbafc5ce..eb9cc837e77 100644
--- a/apps/browser/src/platform/browser/browser-api.ts
+++ b/apps/browser/src/platform/browser/browser-api.ts
@@ -32,6 +32,36 @@ export class BrowserApi {
 return BrowserApi.manifestVersion === expectedVersion;
 }
 
+ static senderIsInternal(sender: chrome.runtime.MessageSender | null): boolean {
+ if (!sender?.url) {
+ return false;
+ }
+ const extensionUrl =
+ (typeof chrome !== "undefined" && chrome.runtime?.getURL("")) ||
+ (typeof browser !== "undefined" && browser.runtime?.getURL("")) ||
+ "";
+
+ if (!extensionUrl) {
+ return false;
+ }
+
+ if (!sender.url.startsWith(extensionUrl)) {
+ return false;
+ }
+
+ // these are all properties on externally initiated messages, not internal ones
+ if (
+ "tab" in sender ||
+ "documentId" in sender ||
+ "documentLifecycle" in sender ||
+ "frameId" in sender
+ ) {
+ return false;
+ }
+
+ return true;
+ }
+
 /**
 * Gets all open browser windows, including their tabs.
 *
diff --git a/apps/browser/src/platform/services/local-backed-session-storage.service.ts b/apps/browser/src/platform/services/local-backed-session-storage.service.ts
index 9e808de0fd0..26605fefd8b 100644
--- a/apps/browser/src/platform/services/local-backed-session-storage.service.ts
+++ b/apps/browser/src/platform/services/local-backed-session-storage.service.ts
@@ -43,6 +43,9 @@ export class LocalBackedSessionStorageService
 if (port.name !== portName(chrome.storage.session)) {
 return;
 }
+ if (!BrowserApi.senderIsInternal(port.sender)) {
+ return;
+ }
 this.ports.add(port);
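Review bot: The last check in `senderIsInternal` (`"tab" in sender || "documentId" in sender || …`) decides on key presence alone, and nothing visible in the hunk backs the comment's claim that these keys appear only on externally initiated messages. An extension page hosted in a tab or frame would presumably carry `tab`/`frameId` and be rejected as well, which should be confirmed per browser. The port guard added in local-backed-session-storage.service.ts returns silently on `false`, so a false negative would drop the port without a trace; logging the rejection reason there or in this method would make that diagnosable. The method also lacks the TSDoc block its neighbour has: it should state which contexts count as internal (background, popup, tab-hosted extension pages) and note that the `startsWith(extensionUrl)` test relies on `getURL("")` returning the extension origin with a trailing `/`. A unit test per sender shape would pin the intended policy.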