In an effort to improve security on the client-side modern browsers have introduced a means to allow for web applications request a client to remove persisted data. Of course, not supported in any version of MSIE or Safari, but all modern browsers Chrome 61+, Edge 79+, Firefox 63+ support.
This approach can be useful at logoff or session invalidation to remove data from the client-side, particularly in cases of persistent or reflected XSS.
Clear-Site-Data: “cache”, “cookies”, “storage”, “executionContexts”
If you’ve been online at all in the last decade, you’ve heard of the “dangers” of HTTP Cookies. More nefarious and harder to remove are Flash Cookies as they are handled by a plugin/extension/addon to the browser and exist outside of the normal security settings.
To see or delete Flash data, you’ve got to visit the following URL:
You will probably be suprised to see many of the sites listed, as Flash is often being used to present you with ads in addition to the interactive elements that you might expect.