The Clear-Site-Data
header clears browsing data (cookies, storage, cache) associated with the requesting website. It allows web developers to have more control over the data stored locally by a browser for their origins.
Header type | Response header |
---|---|
Forbidden header name | no |
Syntax
The Clear-Site-Data
header accepts one or more directives. If all types of data should be cleared, the wildcard directive ("*"
) can be used.
// Single directive Clear-Site-Data: "cache" // Multiple directives (comma separated) Clear-Site-Data: "cache", "cookies" // Wild card Clear-Site-Data: "*"
Directives
All directives must comply with the quoted-string grammar. A directive that does not include the double quotes is invalid.
"cache"
- Indicates that the server wishes to remove locally cached data (i.e. the browser cache, see HTTP caching) for the origin of the response URL. Depending on the browser, this might also clear out things like pre-rendered pages, script caches, WebGL shader caches, or address bar suggestions.
- Indicates that the server wishes to remove all cookies for the origin of the response URL. HTTP authentication credentials are also cleared out. This affects the entire registered domain, including subdomains. So https://example.com as well as https://stage.example.com, will have cookies cleared.
"storage"
- Indicates that the server wishes to remove all DOM storage for the origin of the response URL. This includes storage mechanisms such as:
- localStorage (executes
localStorage.clear
), - sessionStorage (executes
sessionStorage.clear
), - IndexedDB (for each database execute
IDBFactory.deleteDatabase
), - Service worker registrations (for each service worker registration, execute
ServiceWorkerRegistration.unregister
), - AppCache,
- WebSQL databases,
- FileSystem API data,
- Plugin data (Flash via
NPP_ClearSiteData
).
- localStorage (executes
"executionContexts"
- Indicates that the server wishes to reload all browsing contexts for the origin of the response (
Location.reload
). "*"
(wildcard)- Indicates that the server wishes to clear all types of data for the origin of the response. If more data types are added in future versions of this header, they will also be covered by it.
Examples
Sign out of web site
If a user signs out of your website or service, you might want to remove locally stored data. You can achieve that by adding the Clear-Site-Data
header when sending the page confirming that logging out from the site has been accomplished successfully (https://example.com/logout, for example):
Clear-Site-Data: "cache", "cookies", "storage", "executionContexts"
Clearing cookies
If this header is delivered with the response at https://example.com/clear-cookies, all cookies on the same domain https://example.com and any subdomains (like https://stage.example.com, etc), will be cleared out.
Clear-Site-Data: "cookies"
Specifications
Specification | Status | Title |
---|---|---|
Clear Site Data | Working Draft | Initial definition. |
Browser compatibility
Desktop | Mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
Clear-Site-Data | Chrome Full support 61 | Edge Full support ≤79 | Firefox
Full support
63
| IE ? | Opera Full support 48 | Safari ? | WebView Android Full support 61 | Chrome Android Full support 61 | Firefox Android
Full support
63
| Opera Android Full support 45 | Safari iOS ? | Samsung Internet Android Full support 8.0 |
"cache" | Chrome Full support 61 | Edge Full support ≤79 | Firefox
Full support
63
| IE ? | Opera Full support 48 | Safari ? | WebView Android Full support 61 | Chrome Android Full support 61 | Firefox Android
Full support
63
| Opera Android Full support 45 | Safari iOS ? | Samsung Internet Android Full support 8.0 |
"cookies" | Chrome Full support 61 | Edge Full support ≤79 | Firefox
Full support
63
| IE ? | Opera Full support 48 | Safari ? | WebView Android Full support 61 | Chrome Android Full support 61 | Firefox Android
Full support
63
| Opera Android Full support 45 | Safari iOS ? | Samsung Internet Android Full support 8.0 |
"executionContexts" | Chrome
No support
No
| Edge
No support
No
| Firefox
No support
63 — 68
| IE ? | Opera No support No | Safari ? | WebView Android No support No | Chrome Android No support No | Firefox Android
No support
63 — 68
| Opera Android No support No | Safari iOS ? | Samsung Internet Android Full support 8.0 |
"storage" | Chrome Full support 61 | Edge Full support ≤79 | Firefox
Full support
63
| IE ? | Opera Full support 48 | Safari ? | WebView Android Full support 61 | Chrome Android Full support 61 | Firefox Android
Full support
63
| Opera Android Full support 45 | Safari iOS ? | Samsung Internet Android Full support 8.0 |
Legend
- Full support
- Full support
- No support
- No support
- Compatibility unknown
- Compatibility unknown
- Experimental. Expect behavior to change in the future.
- Experimental. Expect behavior to change in the future.
- See implementation notes.
- See implementation notes.
- User must explicitly enable this feature.
- User must explicitly enable this feature.