Opened 3 years ago

Last modified 21 months ago

#31425 new New feature

Support for Clear-Site-Data header.

Reported by: Mads Jensen Owned by: nobody
Component: HTTP handling Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Someday/Maybe
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Mariusz Felisiak)

There's a new header described at https://github.com/w3c/webappsec-clear-site-data that can be used to enforce the browser to remove various types of data that the user leaves behind. A usage example is to clear data on either an account deletion, or simply when signing out. Examples are the cache and the cookies. The document is still a working draft.

Some time ago, support for the cookie SameSite flag was implemented.

It appears that the major browser vendors have implemented support for it, to some extend. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data

Change History (1)

comment:1 Changed 3 years ago by Mariusz Felisiak

Description: modified (diff)
Summary: Support for Clear-Site-Data headerSupport for Clear-Site-Data header.
Triage Stage: UnreviewedSomeday/Maybe

Marking as "Someday/Maybe" because specification is still a draft and may change at any moment.

Note: See TracTickets for help on using tickets.
Back to Top