Clear-Site-Data

Baseline 2023

Newly available

Since September 2023, this feature works across the latest devices and browser versions. This feature might not work in older devices or browsers.

Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

The HTTP Clear-Site-Data response header sends a signal to the client that it should remove all browsing data of certain types (cookies, storage, cache) associated with the requesting website. It allows web developers to have more control over the data stored by browsers for their origins.

Header type Response header
Forbidden header name No

Syntax

http
// Single directive
Clear-Site-Data: "cache"

// Multiple directives (comma separated)
Clear-Site-Data: "cache", "cookies"

// Wild card
Clear-Site-Data: "*"

Directives

Note: All directives must comply with the quoted-string grammar. A directive that does not include the double quotes is invalid.

"cache"

The server signals that the client should remove locally cached data (the browser cache, see HTTP caching) for the origin of the response URL. Depending on the browser, this might also clear out things like pre-rendered pages, script caches, WebGL shader caches, or address bar suggestions.

"clientHints" Experimental

Indicates that the server will remove all client hints (requested via Accept-CH) stored for the origin of the response URL.

Note: In browsers that support the "clientHints" data type, client hints are also cleared when the "cache", "cookies", or "*" types are specified. "clientHints" is therefore only needed when none of those other types are specified.

"cookies"

The server signals that the client should remove all cookies for the origin of the response URL. HTTP authentication credentials are also cleared out. This affects the entire registered domain, including subdomains. So https://example.com as well as https://stage.example.com, will have cookies cleared.

"storage"

The server signals that the client should remove all DOM storage for the origin of the response URL. This includes storage mechanisms such as:

"executionContexts" Experimental

The server signals that the client should reload all browsing contexts for the origin of the response (Location.reload).

"*" (wildcard)

The server signals that the client should clear all types of data for the origin of the response. If more data types are added in future versions of this header, they will also be covered by it.

Examples

Sign out of a website

If a user signs out of your website or service, you might want to remove locally stored data. To do this, add the Clear-Site-Data header to the page that confirms the logging out from the site has been accomplished successfully (https://example.com/logout, for example):

http
Clear-Site-Data: "cache", "cookies", "storage", "executionContexts"

Clearing cookies

If this header is delivered with the response at https://example.com/clear-cookies, all cookies on the same domain https://example.com and any subdomains (like https://stage.example.com, etc.), will be cleared out.

http
Clear-Site-Data: "cookies"

Specifications

Specification
Clear Site Data
# header

Browser compatibility

BCD tables only load in the browser

See also