Using Clear-Site-Data header

Clear-Site-Data Header

`Clear-Site-Data` is a fairly new header. When it is set on a response, supporting browsers delete the locally stored data associated with the website/domain.

The use cases include:

  • When the user signs out
  • When the user chooses to delete their account
  • Providing a reset button to tackle issues related to cookies (Not all users know how to delete cookies)
  • Responding to security incidents: the next time the user accesses the site, send this header to force deletion of all local data

Example:

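```ruby
class SessionsController < ApplicationController
  def destroy
    # ... (sign-out logic elided)
    # Ask the browser to delete cookies, storage and cache for this site
    response.headers['Clear-Site-Data'] = '"cookies", "storage", "cache"'
    redirect_to root_path
  end
end
```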

Note: Clearing cookies is effective for the target domain and all its sub-domains.
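
For the security-incident use case in the list above, an added example (not part of the original post): a Rack-style middleware that sends the header to any client whose session predates the incident and drops that session on the server as well. It assumes the app stores an `issued_at` epoch timestamp in the session at sign-in; the class name, `cutoff_epoch` and the demo helpers are hypothetical.

```ruby
# Added example: Rack-style middleware, standard library only.
class IncidentClearSiteData
  # Each directive is a quoted string; the list is comma-separated.
  HEADER_VALUE = %w[cookies storage cache].map { |t| %("#{t}") }.join(", ").freeze

  # cutoff_epoch: when the incident was contained, in epoch seconds (assumed config).
  def initialize(app, cutoff_epoch:)
    @app = app
    @cutoff_epoch = cutoff_epoch
  end

  def call(env)
    wipe = stale_session?(env)
    # Drop the server-side session too; clearing the cookie alone leaves it valid.
    env["rack.session"].clear if wipe
    status, headers, body = @app.call(env)
    # Browsers only act on the header over HTTPS.
    headers["clear-site-data"] = HEADER_VALUE if wipe && env["rack.url_scheme"] == "https"
    [status, headers, body]
  end

  private

  # Assumption: the app stores "issued_at" (epoch seconds) in the session at sign-in.
  def stale_session?(env)
    issued_at = (env["rack.session"] || {})["issued_at"]
    issued_at.is_a?(Integer) && issued_at < @cutoff_epoch
  end
end

# Constructed demo: a stand-in app and a helper that runs one request through it.
DEMO_APP = ->(_env) { [200, { "content-type" => "text/plain" }, ["ok"]] }
CUTOFF = 1_700_000_000

def demo_headers(issued_at, scheme: "https")
  session = issued_at ? { "issued_at" => issued_at } : {}
  env = { "rack.session" => session, "rack.url_scheme" => scheme }
  _status, headers, _body = IncidentClearSiteData.new(DEMO_APP, cutoff_epoch: CUTOFF).call(env)
  [headers["clear-site-data"], session]
end
```

Once the cookies are cleared, the client's next request carries no pre-incident session, so the header is not sent again. Clients that hold no session at all are not covered by this check.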


Reference

https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Clear-Site-Data

