How to Turn Off Form Autocompletion

Note: The ability for websites to disable the password manager using autocomplete = "off"  is being removed in Firefox 31 (bug 956906)

Like most modern browsers, Gecko™-based browsers (e.g. Mozilla and Firefox browsers) can be configured to remember the information the user fills in for form and password fields on web sites. This article shows you how to disable this feature.

This feature is called Form and Password Autocompletion in Gecko browsers. The feature is known in other browsers by names such as "Form Pre-filling", "Roboform", "Remember password", "Form fill in", "Fill in form" and/or "Wallet". Gecko-based browsers have had this feature since Mozilla Milestone M18, or Netscape 6.0 (late 2000). The autocompletion feature for form and password fields are by default turned on but can be turned off by end users via the preference settings in the respective control panel for Form and Password Manager:

  • For forms, go to Edit > Preferences > Privacy & Security > Forms and uncheck the option to save form data when entering forms.
  • For passwords, go to Edit > Preferences > Privacy & Security > Passwords and uncheck the option to remember passwords. Note that passwords can be stored in an encrypted format.

Note that on Mac OS X Mozilla browsers, the Preferences menu item can be found under the Mozilla menu item.

Form & Password Managers also allow the user to manage stored form and password information.

Both the Form Manager and the Password Manager feature raise dialog boxes prompting users whether or not they want the form field information to be stored. The autocompletion feature is convenient for users and the large majority seem to prefer to have this feature turned ON. The Gecko preference default reflects this fact. Security and privacy related preferences ultimately belong to the user and for this reason most web sites, including web mail and many sites with commercial transactions, honor the user preference for this feature. However, some web sites for security reasons need to turn the feature off. This is typically true for banks and financial institutions where transactions are considered extremely sensitive.

The feature can be turned off of course by instructing the user to uncheck the option in Form and Password Managers, but this involves an action on the user's part and the desired result may not always be obtained.

This technote shows how web designers and webmasters can turn off this autocompletion feature for a particular web page -- even if the user has autocompletion turned on in the browser preference settings.

Three Aspects of Autocompletion

For this discussion, it is useful to consider 3 major aspects of autocompletion in Gecko browsers, and the important aspects for consideration in terms of user experience.

  • Form Manager prompt—whether or not the user is presented with a dialog to allow the browser to store form field information. If a dialog box is presented, the user has to consciously decline in order to avoid storing the information.
  • Password Manager prompt—whether or not the user is presented with a dialog to allow the browser to store password field information. If a dialog box is presented, the user has to consciously decline in order to avoid storing the information.
  • Session history caching—whether or not the browser should store form data in session history for subsequent retrieval. When form data is cached in session history, the information the user has filled in will be visible after the user has submitted the form and clicked on the Back button to go back to the original form page.

Password fields are like other form fields, but Gecko browsers provide an option to store the info in them in an encrypted file format on disk. Because of the sensitivity of passwords, there is a dedicated Password Manager for these types of form fields, whereas Form Manager handles other non-password storage of form data.

Typically, turning off autocompletion involves suppressing both the Form Manager and Password Manager dialog boxes, as well as ensuring that form information is not stored in session history for future retrievals.

How to Turn Off the Autocompletion Feature for forms

The easiest and simplest way to prevent form data from being cached in session history is to use the autocomplete form element attribute with value "off":

autocomplete = "off"

For example, a typical form element line with autocompletion turned off might look like the following:

<form name="form1" id="form1" method="post" autocomplete="off"
  action="http://www.example.com/form.cgi">
[...]
</form>

Applicable browser versions: Netscape 6.2 (Mozilla 0.9.4) or later, IE 5 or later, Chrome 17 or later. For IE autocomplete info, see MSDN: autocomplete Property.

This form attribute was first introduced in Microsoft's Internet Explorer 5. Netscape introduced it in version 6.2 -- in prior versions, this attribute is ignored. The autocomplete attribute was added at the insistance of banks and card issuers, but prior to HTML5 was never part of an official standard.

In current versions of Gecko browsers, the autocomplete attribute works perfectly. For earlier versions, going back to Netscape 6.2, it worked with the exception for forms with "Address" and "Name" fields described below.

The form element contains at least two key words "Address" and "Name" or their variants. There may be other combinations of typical form words, but in the affected browser versions, these two together trigger the Form Manager prompt without fail. If only one of the two key words is present, e.g. "Address", with other words such as "Phone", "Fax", "Home", or "ZIP", the prompt does not occur. Note that variants of key words such as "Name1", "Address2" will also trigger the prompt.

More specifically, the two key words "Name" and "Address" must be contained either within the form as descriptions of input fields or as values for the name attribute of the input field. Attributes such as id do not have this effect. Typical HTML snippets that trigger the Form Manager dialog follow, and are illustrative of the types of markup which will trigger Form Manager to prompt users to store the form fields.

Keywords used to describe input fields:

<form name="form1" id="form1" method="post" autocomplete="off"
   action="http://www.example.com/form.cgi">
 Name: <input type="text" name="text1" /><br/>
 Address: <input type="text" name="text2" /><br/>
 Phone: <input type="text" name="text3" /><br/>
 Password: <input type="password" name="password" /><br/>
 <input type="Submit" name="Submit" value="Submit" />
</form>

The above snippet uses the keywords Name and Address to describe to the end user the type of data that the field solicits. Another way that Form Manager will be activated to prompt the user to store the form data is if the name attribute for the form input fields is one of the keywords, such as in the snippet below.

Keywords used as the value for the name attribute:

<form name="form1" id="form1" method="post" autocomplete="off"
   action="http://www.example.com/form.cgi">
 <input type="text" name="name" /><br/>
 <input type="text" name="address" /><br/>
 <input type="text" name="text3" /><br/>
 <input type="password" name="password" /><br/>
 <input type="Submit" name="Submit" value="Submit" />
</form>

In the cases above, the autocomplete feature is triggered and an attempt is made to store common form entries such as "name" and "address" in spite of the presence of the autocomplete attribute. In this case, the autocomplete attribute has no effect. However, a workaround would be to:

  • Not use the strings "name" and "address" as the values for the names of any of the form input fields.
  • Split the characters in words "Name" and "Address" with the span element, as the example below shows.
<form name="form1" id="form1" method="post" autocomplete="off"
   action="http://www.example.com/form.cgi">
 <span>N</span>ame: <input type="text" name="text1" /><br/>
 <span>A</span>ddress: <input type="text" name="text2" /><br/>
</form>

The trick is to enclose part of the words "Name" and "Address" in the span element. A Mozilla browser bug requests that Form Manager be turned off completely when the autocomplete="off" attribute is present. This bug appears to have been fixed in current Firefox (3.5.x), although it is not clear in which version it was fixed. (The bug issue was marked WorksForMe in May 2008.)

This particular sensitivity to the keywords "Name" and "Address" (case insensitive) is limited to these spellings and their variants in English, and possibly in other languages where the spellings are similar. Although we don't usually find these keywords being used in describing form fields in languages other than English, we find them sometimes as the name attribute values in many different languages. This latter is usually what prevents the autocomplete attribute from working as intended.

ECML Standards

Starting in October 1999, there was an effort to standardize field names (See Internet RFC 2706 and RFC 3106). As of October 2005, this is commonly supported on the transaction side, but not as commonly implemented by browsers. ECML forms look like this, eliminating guesswork on the part of the browser:

ECML Keywords:

<form name="form1" id="form1" method="post" action="http://www.example.com/form.cgi">
 <input type="text" name="Ecom_ShipTo_Postal_Name_First" /><br/>
 <input type="text" name="Ecom_ShipTo_Postal_Street_Line1" /><br/>
 <input type="text" name="Ecom_Payment_Card_Number" autocomplete="off" /><br/>
 <input type="Submit" name="Submit" value="Submit" />
</form>

Recommendation

Web sites can take advantage of the form element attribute autocomplete="off" to turn off Form Manager prompts as well as not allowing form data from being cached in session history to avoid inadvertent display of form info when the Back button is clicked. Web sites wishing to prevent Form Manager prompts need to avoid the use of the two key words "Name" and "Address" (and any lexical variants such as "Name1") in form field descriptions and avoid use of these keywords as the values of the name attribute of input fields. ECML labels can be used to make field interpretation unambiguous, but browser support is trailing.

Original Document Information

  • Authors: Katsuhiko Momoi and Arun Ranganathan
  • Last Updated Date: May 23rd, 2002
  • Copyright © 2001-2003 Netscape. All rights reserved.