A ‘Clear-Site-Data’ HTTP header prompts the user agent to clear browsing data associated with the requesting website. The supported browsing data types are cookies, storage (i.e. “site data”), and cache. This is a privacy and security enhancing feature. A sensitive website can trigger local data deletion after the user signs out. A website dealing with a persistent XSS attack can use this to ‘reset’ itself to a clean state.




Specification link

Specification being incubated in a Community Group

Status in Chromium


Enabled by default (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No signal
  • No signal
  • Positive



- Data are deleted by origin when possible, but in some cases (cookies, channel IDs) for the eTLD+1. - Make it possible to stop execution contexts and reload the requesting website, so that an XSS attack we are defending against can not store data in the memory and write them again after the deletion completes. - Find a way to communicate the fact that a deletion is pending, to the website as well as the user.

Search tags

clear, site data, clear site data, clear-site-data, header, cookies, cache, storage,

Last updated on 2021-09-24