Intent to Prototype: Delete-Cookie header
Yoav Weiss (@Shopify)
Contact emails
yoav...@chromium.orgExplainer
https://yoavweiss.github.io/delete-cookie/draft-deletecookie-weiss-http-00/draft-deletecookie-weiss-http.html#section-2Specification
https://yoavweiss.github.io/delete-cookie/draft-deletecookie-weiss-http-00/draft-deletecookie-weiss-http.htmlSummary
A header that would enable servers to delete cookies they receive without having to know the "path" or "domain" parameters with which these cookies were set.
Blink component
Internals>Network>CookiesMotivation
Long-operating web sites can often find themselves dealing with "cookie cruft" - cookies that no longer have backend logic that corresponds with them. Such cookies may have been set at some point in the past with far-reaching expiration dates, and are now causing useless cookie bloat at best, or using up quotas at the expense of relevant cookies at worst Deleting cookies is possible today by setting their expiry date to one in the past, but that requires one to know the "domain" and "path" parameters with which the cookies were set. That is not something that can be passively observed on the server side by default.
Initial public proposal
https://lists.w3.org/Archives/Public/ietf-http-wg/2025JanMar/0164.htmlTAG review
None.TAG review status
Not startedRisks
Interoperability and Compatibility
This feature has no compatibility risk. It's also getting engagement at the HTTPWG, and no strong pushback, which makes me think its interop risk is low.
Gecko: No signal
WebKit: No signal
Web developers: No signals
Other signals:
WebView application risks
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
None
Debuggability
None
Is this feature fully tested by web-platform-tests?
YesFlag name on about://flags
NoneFinch feature name
None for now, but I'll add one.Non-finch justification
NoneRequires code in //chrome?
FalseEstimated milestones
No milestones specified