Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.
The Clear-Site-Data header clears browsing data (cookies, storage, cache) associated with the requesting website. It allows web developers to have more control over the data stored by a client browser for their origins.
| Header type | Response header |
|---|---|
| Forbidden header name | no |
The Clear-Site-Data header accepts one or more directives. If all types of data should be cleared, the wildcard directive ("*") can be used.
// Single directive Clear-Site-Data: "cache" // Multiple directives (comma separated) Clear-Site-Data: "cache", "cookies" // Wild card Clear-Site-Data: "*"
Note: All directives must comply with the quoted-string grammar. A directive that does not include the double quotes is invalid.
"cache" Experimental
Indicates that the server wishes to remove locally cached data (the browser cache, see HTTP caching) for the origin of the response URL. Depending on the browser, this might also clear out things like pre-rendered pages, script caches, WebGL shader caches, or address bar suggestions.
Indicates that the server wishes to remove all cookies for the origin of the response URL. HTTP authentication credentials are also cleared out. This affects the entire registered domain, including subdomains. So https://example.com as well as https://stage.example.com, will have cookies cleared.
"storage"Indicates that the server wishes to remove all DOM storage for the origin of the response URL. This includes storage mechanisms such as:
localStorage.clear),sessionStorage.clear),IDBFactory.deleteDatabase),ServiceWorkerRegistration.unregister),NPP_ClearSiteData)."executionContexts" Experimental
Indicates that the server wishes to reload all browsing contexts for the origin of the response (Location.reload).
"*" (wildcard)Indicates that the server wishes to clear all types of data for the origin of the response. If more data types are added in future versions of this header, they will also be covered by it.
If a user signs out of your website or service, you might want to remove locally stored data. To do this, add the Clear-Site-Data header to the page that confirms the logging out from the site has been accomplished successfully (https://example.com/logout, for example):
Clear-Site-Data: "cache", "cookies", "storage", "executionContexts"
If this header is delivered with the response at https://example.com/clear-cookies, all cookies on the same domain https://example.com and any subdomains (like https://stage.example.com, etc.), will be cleared out.
Clear-Site-Data: "cookies"
| Specification |
|---|
| Clear Site Data # header |
| Desktop | Mobile | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | WebView Android | Chrome Android | Firefox for Android | Opera Android | Safari on IOS | Samsung Internet | |
Clear-Site-Data |
61 |
≤79 |
63 |
No |
48 |
No |
61 |
61 |
63 |
45 |
No |
8.0 |
cache |
61 |
≤79 |
94
63-94
|
No |
48 |
No |
61 |
61 |
63-94 |
45 |
No |
8.0 |
cookies |
61 |
≤79 |
63 |
No |
48 |
No |
61 |
61 |
63 |
45 |
No |
8.0 |
executionContexts |
No
See bug 898503.
|
No
See bug 898503.
|
63-68 |
No |
No
See bug 898503.
|
No |
No
See bug 898503.
|
No
See bug 898503.
|
63-68 |
No
See bug 898503.
|
No |
8.0 |
secure_context_required |
61 |
≤79 |
63 |
No |
48 |
No |
61 |
61 |
63 |
45 |
No |
8.0 |
storage |
61 |
≤79 |
63 |
No |
48 |
No |
61 |
61 |
63 |
45 |
No |
8.0 |
© 2005–2022 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data