How we built it

Clear-Site-Data header

A ‘Clear-Site-Data’ HTTP header prompts the user agent to clear browsing data associated with the requesting website. The supported browsing data types are cookies, storage (i.e. “site data”), and cache. This is a privacy- and security-enhancing feature. A sensitive website can trigger local data deletion after the user signs out. A website dealing with a persistent XSS attack can use this to ‘reset’ itself to a clean state.


- Data are deleted by origin when possible, but in some cases (cookies, channel IDs) for the eTLD+1.
- Make it possible to stop execution contexts and reload the requesting website, so that an XSS attack we are defending against cannot store data in memory and write it again after the deletion completes.
- Find a way to communicate the fact that a deletion is pending, to the website as well as the user.
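The two use cases above (sign-out and recovery from a persistent XSS) can be served by a handler like the following. This is an added example, not code from this page or from Chromium. It assumes the header syntax of the later W3C specification (comma-separated quoted strings), and the routes `/logout` and `/reset` are hypothetical.

```javascript
// Data types named on this page.
const SUPPORTED_TYPES = new Set(['cookies', 'storage', 'cache']);

// Serialise the requested types as comma-separated quoted strings
// (assumed syntax). Unknown types throw, so a typo fails loudly
// instead of silently clearing nothing.
function clearSiteDataValue(types) {
  if (!Array.isArray(types) || types.length === 0) {
    throw new TypeError('at least one data type is required');
  }
  const unique = [...new Set(types)];
  for (const t of unique) {
    if (!SUPPORTED_TYPES.has(t)) throw new RangeError(`unsupported data type: ${t}`);
  }
  return unique.map((t) => `"${t}"`).join(', ');
}

// Hypothetical routes for the two use cases the page describes.
const POLICIES = new Map([
  ['/logout', ['cookies', 'storage']],         // sign-out: drop local session state
  ['/reset', ['cookies', 'storage', 'cache']], // reset to a clean state after persistent XSS
]);

// Request handler with the (req, res) shape used by Node's http.createServer.
function handle(req, res) {
  const path = req.url.split('?')[0];
  const types = POLICIES.get(path);
  if (!types) {
    res.writeHead(404, { 'Content-Type': 'text/plain' });
    res.end('not found\n');
    return;
  }
  if (req.method !== 'POST') {
    // Clearing is state-changing: refuse GET so a plain link or image
    // load cannot wipe the user's data.
    res.writeHead(405, { Allow: 'POST' });
    res.end();
    return;
  }
  res.writeHead(200, {
    'Clear-Site-Data': clearSiteDataValue(types),
    'Cache-Control': 'no-store', // do not re-cache the response that clears the cache
    'Content-Type': 'text/plain',
  });
  res.end('site data cleared\n');
}
```

Because cookies may be cleared for the whole eTLD+1 rather than the single origin, a `/logout` response like this one can also sign the user out of sibling subdomains.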


Editor's draft

Status in Chromium

Proposed (launch bug)

Consensus & Standardization

  • No public signals
  • No public signals
  • No public signals
  • Positive


Last updated on 2016-04-29