Is autocomplete="off" compatible with all modern browsers?

Asked 5/10, 2010 at 22:40 Answered 9/4, 2021 at 8:16

I've just been given a requirement to prevent browsers from saving data entered into specific form fields. It's been years since I've done web dev, and this is a relatively new capability. I was able to find the form field property autocomplete="off", but I can't seem to find any documentation indicating which browsers support it. Can anyone point me in the right direction of a chart of form attributes and browser compatibility?

Ova answered 5/10, 2010 at 22:40 Comment(3)

Related: #582744 – Defamatory 5/10, 2010 at 22:48

Related: Does IE 11 ignore autocomplete=“off”? – Socialism 12/12, 2013 at 14:52

@camigreenall - not a duplicate; the question you linked to provided an answer to how to do it; what I asked for was documentation of browser compatibility. – Ova 8/5, 2015 at 19:35

103

Be aware that all major browsers are moving towards ignoring the attribute for password fields.

I can only offer anecdotal evidence, but I've yet to come across a browser that fails to respect autocomplete="off", this experience covers:

Firefox 1.5+ (Windows and Ubuntu)
Opera 6+ (Windows and Ubuntu)
Chrome v2+ (Windows and Ubuntu)
Epiphany 0.8 (ish) (Ubuntu)
Midori (I can't remember which version)
Safari v1+ (Windows)
IE 4 - 8, Windows.

I'm aware that Greasemonkey scripts, and presumably other user-scripts, can disable the autocomplete setting.

There's a couple of articles I found that might be useful to you:

Rupture answered 5/10, 2010 at 22:45 Comment(8)

Thanks for those articles. I know that there are scripts that can disable the setting, but there's only so much we can do. If someone wants their browser to save their credit card info on their personal computer, there's not much we can do to prevent it. We're really trying to keep data from being saved on shared machines. – Ova 6/10, 2010 at 14:20

@EmmyS, no that's true. It'd take a fairly tech-aware user to go to the trouble of implementing an anti-auto-complete solution, and what users do with your site on their machines is down to them, not you. =) – Rupture 6/10, 2010 at 14:29

@DavidThomas - Thanks for the list of compatibility, couldn't find a good one from caniuse, w3c, or elsewhere. :) +1 – Nannana 8/11, 2012 at 20:56

@Ova "We're really trying to keep data from being saved on shared machines." The correct way to do that is to correctly set-up the browsers on shared machines so that they do not keep any information between sessions. – Kingcraft 14/9, 2013 at 11:5

@Kingcraft - yeah, that's a good idea if you have control over the shared machines. We didn't in that case. – Ova 20/9, 2013 at 19:49

@Ova If you have no control over these machines, they could well be full of malware (in my experience, many unsupervised Windows shared machines are, and cybercafés are like malware reserves). The best advice is to never use an important password on a shared machine. – Kingcraft 21/9, 2013 at 12:39

@Kingcraft - yes, again, that's good advice. But I already know that. We have no control over what users do, except by using autocomplete = off and other hacks. – Ova 23/9, 2013 at 19:17

Maybe its very tricky but will work: https://mcmap.net/q/57902/-disabling-chrome-autofill – Erny 22/9, 2015 at 3:4

Password managers now ignore the autocomplete attribute for password fields in the major browsers as of:

It should still work fine for disabling autocomplete on form fields, but no longer affects the password manager.

Tension answered 25/1, 2014 at 9:25 Comment(1)

It doesn't. I just tested. Even placed additional autocomplete="false" on form field, besides one, that was present on form element itself. No effect whatsoever. I would say, that autocomplete is ignored by all major browsers. – Cherisecherish 28/10, 2015 at 19:14

As of Chrome v34, autocomplete="off" is now ignored by default.

This somewhat debatable feature can be disabled in the flags configuration by visiting chrome://flags

http://news.softpedia.com/news/Chrome-34-Seeks-to-Save-All-Your-Passwords-436693.shtml

Jiggerypokery answered 11/4, 2014 at 2:32 Comment(1)

Note that this change in Chrome only affects password fields. Non-password fields still respect the autocomplete="off" attribute. – Magneto 26/5, 2015 at 21:40

If you're able to use JavaScript and jQuery, you can place this on load of the html:

$('#theform input').val('');

Mockup answered 5/10, 2010 at 22:46 Comment(4)

This is being used inside Joomla, which uses Mootools - there are conflicts with mootools and jquery, so I can't do that. I'll keep it in mind for future reference, though. – Ova 6/10, 2010 at 14:9

refering to mootools documentation you can do $$('.emptyThisInForm').each(function(el){ el.value = ''; }); – Mockup 6/10, 2010 at 20:4

This code will mess up checkboxes and radio buttons. What may be more elegant is $('#theform')[0].reset() to force it back to the default values specified in the HTML. – Megrims 29/5, 2014 at 16:41

To just affect password fields, you could use a more specific jQuery selector, for example: $( '#theform input:password' ).val(''); – Daff 22/9, 2014 at 2:16

Except for Maxthon Browser I think, they are famous in china and making a name now worldwide. They don't treat Autotocomplete=off power very well. It won't work with them.

Aseity answered 15/9, 2015 at 20:20 Comment(1)

Yes, Maxthon will not respect autocomplete=off, but you can force it to not autocomplete the field by setting ismxfilled='0' – Idyllist 12/7, 2016 at 8:56

Some solution is not working in modern browsers.

Another solution link is given here. which works in all modern browsers.

Input type=password, don't let browser remember the password

You can use autocomplete="off" in this given soluton

Brahmana answered 1/11, 2016 at 7:55 Comment(0)

Matter of fact, both username and password fields doesn't react to AutoComplete=off in all the latest browsers.

Nyctaginaceous answered 5/10, 2017 at 11:31 Comment(0)

td;dr: To check on compatibility across browsers, here is an official MDN doc on turning off autocompletion with the link for compatibility - https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion

A little longer answer: Your issue is because of Chrome's autofill feature, and here is Chrome's stance on it in this bug link - https://bugs.chromium.org/p/chromium/issues/detail?id=468153#c164

To put it simply, there are two cases -

[CASE 1]: Your input type is something other than password. In this case, the solution is simple, and has three steps.
- Add name attribute to input
- name should not start with a value like email or username, otherwise Chrome still ends up showing the dropdown. For example, name="emailToDelete" shows the dropdown, but name="to-delete-email" doesn't. Same applies for autocomplete attribute.
- Add autocomplete attribute, and add a value which is meaningful for you, like new-field-name
It will look like this, and you won't see the autofill (and the value you enter won't be cached) for this input again for the rest of your life -
```
<input type="text/number/something-other-than-password" name="x-field-1" autocomplete="new-field-1" />
```
[CASE 2]: input type is password
- Well, in this case, irrespective of your trials, Chrome will show you the dropdown to manage passwords / use an already existing password and show the prompt to update the cached password. Firefox will also do something similar, and same will be the case with all other major browsers. Have a look at the MDN doc link I shared at the very top.
- In this case, if you really want to stop the user from seeing the dropdown to manage passwords or the prompt to save the credentials, you will have to play around with JS to switch input type, as mentioned in the other related questions.

Choctaw answered 9/4, 2021 at 8:16 Comment(0)

Recommended topics

Hot tags