Home How do you disable browser Autocomplete on web form field / input tag?
Reply: 29

How do you disable browser Autocomplete on web form field / input tag?

Brett Veenstra
Brett Veenstra Published in 2008-08-05 16:22:32Z

How do you disable autocomplete in the major browsers for a specific input (or form field)?

Dave Jarvis
Dave Jarvis Reply to 2015-01-20 09:23:39Z

Firefox 30 ignores autocomplete="off" for passwords, opting to prompt the user instead whether the password should be stored on the client. Note the following commentary from May 5, 2014:

  • The password manager always prompts if it wants to save a password. Passwords are not saved without permission from the user.
  • We are the third browser to implement this change, after IE and Chrome.

According to Mozilla developer documentation the form element attribute autocomplete prevents form data from being cached in older browsers.

<input type="text" name="foo" autocomplete="off" />
Raghav Dinesh
Raghav Dinesh Reply to 2018-01-06 10:54:21Z

Was a non-standard way to do this (I think Mozilla and Internet Explorer still support it) but messing with the users expectations is a bad idea.

If the user enters their credit card details in a form and then let's someone else use that browser it's not your concern. :)

Teifion Reply to 2008-08-05 16:27:39Z

Use a non-standard name and id for the fields, so rather than "name" have "name_". Browsers will then not see it as being the name field. The best part about it is that you can do this to some but not all fields and it will autocomplete some but not all fields.

Raghav Dinesh
Raghav Dinesh Reply to 2018-01-06 06:36:51Z
<form name="form1" id="form1" method="post" 
      autocomplete="off" action="http://www.example.com/form.cgi">

This will work in Internet Explorer and Mozilla FireFox, the downside is that it is not XHTML standard.

Jibяaᴎ Khaᴎ
Jibяaᴎ Khaᴎ Reply to 2015-08-01 10:45:01Z

Just set autocomplete="off". There is a very good reason for doing this: You want to provide your own autocomplete functionality!

Raghav Dinesh
Raghav Dinesh Reply to 2018-01-06 07:34:42Z

On a related or actually, on the completely opposite note -

"If you're the user of the aforementioned form and want to re-enable the autocomplete functionality, use the 'remember password' bookmarklet from this bookmarklets page. It removes all autocomplete="off" attributes from all forms on the page. Keep fighting the good fight!"

Sören Kuklau
Sören Kuklau Reply to 2008-09-08 19:42:51Z

Why would you make your user's life less convenient?

"Passwords / credit card data / etc. should not be saved" is a bad argument: with autocomplete on, browsers in Mac OS X store such values in an encrypted database with per-application permissions. Conversely, what's the realistic effect of autocomplete=off? The user is going to write it in an unencrypted text file, or better yet, on a post-it note attached to the screen.

Good thing there's bookmarklets like the one Antti mentioned, and patches to make the engine ignore the attribute altogether.

Seriously, I urge you to reconsider using this attribute. It does not benefit anyone.

Jon Adams
Jon Adams Reply to 2008-09-16 15:35:02Z

We did actually use sasb's idea for one site. It was a medical software web app to run a doctor's office. However, many of our clients were surgeons who used lots of different workstations, including semi-public terminals. So, they wanted to make sure that a doctor who doesn't understand the implication of auto-saved passwords or isn't paying attention can't accidentally leave their login info easily accessible. Of course, this was before the idea of private browsing that is starting to be featured in IE8, FF3.1, etc. Even so, many physicians are forced to use old school browsers in hospitals with IT that won't change.

So, we had the login page generate random field names that would only work for that post. Yes, it's less convenient, but it's just hitting the user over the head about not storing login information on public terminals.

atiquratik Reply to 2015-01-27 08:01:33Z

In addition to autocomplete=off, you could also have your form fields names be randomized by the code that generates the page, perhaps by adding some session-specific string to the end of the names. When the form is submitted, you can strip that part off before processing them on the server side. This would prevent the web browser from finding context for your field and also might help prevent XSRF attacks because an attacker wouldn't be able to guess the field names for a form submission.

Zub Reply to 2018-01-25 08:59:39Z

As others have said, the answer is autocomplete="off"

However, I think it's worth stating why it's a good idea to use this in certain cases as some answers to this and duplicate questions have suggested it's better not to turn it off.

Stopping browsers storing credit card numbers shouldn't be left to users. Too many users won't even realize it's a problem.

It's particularly important to turn it off on fields for credit card security codes. As this page states:

"Never store the security code ... its value depends on the presumption that the only way to supply it is to read it from the physical credit card, proving that the person supplying it actually holds the card."

The problem is, if it's a public computer (cyber cafe, library etc) it's then easy for other users to steal your card details, and even on your own machine a malicious website could steal autocomplete data.

cherouvim Reply to 2010-12-12 18:34:38Z

In order to avoid the invalid XHTML you can set this attribute using javascript. Example using jQuery:

<input type="text" class="noAutoComplete" ... />

$(function() {
    $('.noAutoComplete').attr('autocomplete', 'off');

The problem is that users without javascript will do get the autocomplete functionality.

Jonas G. Drange
Jonas G. Drange Reply to 2012-08-02 09:26:21Z

Adding the


to the form tag will disable the browser autocomplete (what was previously typed into that field) from all input fields within that particular form.

Tested on:

  • Firefox 3.5, 4 BETA
  • Internet Explorer 8
  • Chrome
GDP Reply to 2012-08-02 01:14:13Z

I think autocomplete=off is supported in HTML 5.

Ask yourself why you want to do this though - it may make sense in some situations but don't do it just for the sake of doing it.

It's less convenient for users and not even a security issue in OS X (mentioned by Soren below). If you're worried about people having their passwords stolen remotely - a keystroke logger could still do it even though your app uses autcomplete=off.

As a user who chooses to have a browser remember (most of) my information, I'd find it annoying if your site didn't remember mine.

Chris Baker
Chris Baker Reply to 2014-04-23 03:54:36Z

I'd have to beg to differ with those answers that say to avoid disabling auto-complete.

The first thing to bring up is that auto-complete not being explicitly disabled on login form fields is a PCI-DSS fail. In addition, if a users' local machine is compromised then any autocomplete data can be trivially obtained by an attacker due to it being stored in the clear.

There is certainly an argument for usability, however there's a very fine balance when it comes to which form fields should have autocomplete disabled and which should not.

xxxxx Reply to 2012-11-02 17:00:44Z

You may use in input.

For example;

<input type=text name="test" autocomplete="off" />
Ed Heal
Ed Heal Reply to 2012-12-04 18:45:43Z

try these too if just autocomplete="off" doesn't work:

autocorrect="off" autocapitalize="off" autocomplete="off"
Sjon Reply to 2015-10-29 21:20:37Z

Three options: First:

<input type='text' autocomplete='off' />


<form action='' autocomplete='off'>

Third (javascript code):

$('input').attr('autocomplete', 'off');
lifo Reply to 2013-08-15 19:02:55Z

None of the solutions worked for me in this conversation.

I finally figured out a pure HTML solution that requires no Javascript, works in modern browsers (except IE; there had to at least 1 catch, right?), and does not require you to disable autocomplete for the entire form.

Simply turn off autocomplete on the form and then turn it ON for any input you wish it to work within the form. For example:

<form autocomplete="off">
    <!-- these inputs will not allow autocomplete and chrome 
         won't highlight them yellow! -->
    <input name="username"  />
    <input name="password" type="password" />
    <!-- this field will allow autocomplete to work even 
         though we've disabled it on the form -->
    <input name="another_field" autocomplete="on" />
Zub Reply to 2018-01-24 22:14:37Z

Most of the major browsers and password managers (correctly, IMHO) now ignore autocomplete=off.

Why? Many banks and other "high security" websites added autocomplete=off to their login pages "for security purposes" but this actually decreases security since it causes people to change the passwords on these high-security sites to be easy to remember (and thus crack) since autocomplete was broken.

Long ago most password managers started ignoring autocomplete=off, and now the browsers are starting to do the same for username/password inputs only.

Unfortunately, bugs in the autocomplete implementations insert username and/or password info into inappropriate form fields, causing form validation errors, or worse yet, accidentally inserting usernames into fields that were intentionally left blank by the user.

What's a web developer to do?

  • If you can keep all password fields on a page by themselves, that's a great start as it seems that the presence of a password field is the main trigger for user/pass autocomplete to kick in. Otherwise, read the tips below.
  • Safari notices that there are 2 password fields and disables autocomplete in this case, assuming it must be a change password form, not a login form. So just be sure to use 2 password fields (new and confirm new) for any forms where you allow
  • Chrome 34, unfortunately, will try to autofill fields with user/pass whenever it sees a password field. This is quite a bad bug that hopefully, they will change the Safari behavior. However, adding this to the top of your form seems to disable the password autofill:

    <input type="text" style="display:none">
    <input type="password" style="display:none">

I haven't yet investigated IE or Firefox thoroughly but will be happy to update the answer if others have info in the comments.

Zub Reply to 2018-01-24 22:58:31Z

Sometimes even autocomplete=off would not prevent to fill in credentials into wrong fields, but not user or nickname field.

This workaround is in addition to apinstein's post about browser behavior.

fix browser autofill in read-only and set writable on focus (click and tab)

 <input type="password" readonly  

Update: Mobile Safari sets cursor in the field, but does not show virtual keyboard. New Fix works like before but handles virtual keyboard:

<input id="email" readonly type="email" onfocus="if (this.hasAttribute('readonly')) {
    // fix for mobile safari to show virtual keyboard
    this.blur();    this.focus();  }" />

Live Demo https://jsfiddle.net/danielsuess/n0scguv6/

// UpdateEnd

Because Browser auto fills credentials to wrong text field!?

I notice this strange behavior on Chrome and Safari, when there are password fields in the same form. I guess, the browser looks for a password field to insert your saved credentials. Then it auto fills (just guessing due to observation) the nearest textlike-input field, that appears prior the password field in DOM. As the browser is the last instance and you can not control it,

This readonly-fix above worked for me.

SuperBiasedMan Reply to 2015-08-01 10:48:25Z

I've been trying endless solutions, and then I found this:

Instead of autocomplete="off" just simply use autocomplete="false"

As simple as that, and it works like a charm in Google Chrome as well!

Jakob Løkke Madsen
Jakob Løkke Madsen Reply to 2018-01-24 19:33:38Z

This is a security issue that browsers ignore now. Browsers identify and stores content using input names, even if developers consider the information is sensitive and should not be stored. Making an input name different between 2 requests will solve the problem (but will still be saved in browser's cache and will also increase browser's cache). Ask the user to activate or deactivate options in its browser's settings is not a good solution. The issue can be fixed in the backend.

Here's my fix. An approach that I have implemented in my framework. All autocomplete elements are generated with an hidden input like this :

<? $r = rmd5(rand().mocrotime(TRUE)); ?>
<form method="POST" action="./">
    <input type="text" name="<? echo $r; ?>" />
    <input type="hidden" name="__autocomplete_fix_<? echo $r; ?>" value="username" />
    <input type="submit" name="submit" value="submit" />

Server then process post variables like this :

foreach ($_POST as $key => $val)
    if(preg_match('#^__autocomplete_fix_#', $key) === 1){
        $n = substr($key, 19);
        if(isset($_POST[$n]))$_POST[$val] = $_POST[$n];

The value can be accessed as usual


And the browser won't be able to suggest information from the previous request or from previous users.

All works like a charm, even if browsers updates, want to ignore autocomplete or not. That has been the best way to fix the issue for me.

WolfyD Reply to 2015-08-13 18:22:15Z

I know this is an old post, but it could be important to know that Firefox (I think only firefox) uses a value called ismxfilled that basically forces autocomplete.

ismxfilled="0" for OFF


ismxfilled="1" for ON

Matas Vaitkevicius
Matas Vaitkevicius Reply to 2015-10-28 16:32:06Z

Adding autocomplete="off" is not gonna cut it.

Change input type attribute to type="search".
Google doesn't apply auto-fill to inputs with a type of search.

Andy Reply to 2015-11-01 10:28:45Z

Safari does not change its mind about autocomplete if you set autocomplete="off" dynamically from javascript. However it would respect if you do that on per-field basis.

$(':input', $formElement).attr('autocomplete', 'off');
Tamilselvan K
Tamilselvan K Reply to 2015-11-16 13:02:37Z
<script language="javascript" type="text/javascript">
    $(document).ready(function () {
        try {
        catch (e)
        { }

Blair Anderson
Blair Anderson Reply to 2015-12-10 02:21:36Z

Chrome is planning to support this.

For now the best suggestion is to use an input type that is rarely autocompleted.

chrome discussion

<input type='search' name="whatever" />

to be compatible with firefox, use normal autocomplete='off'

<input type='search' name="whatever" autocomplete='off' />
jcubic Reply to 2016-02-25 15:27:56Z

You can disable autocomplete if you remove the form tag, the same was done by my bank and I was wondering how they did this. It even remove the value that was already remembered by the browser after you remove the tag.

Paul Stenne
Paul Stenne Reply to 2016-07-21 07:41:39Z

This is what we called autocomplete of a textbox. We can disable autocomplete of a Textbox in 2 ways-

  1. By Browser Label
  2. By Code

    To disable in browser go to the setting

Go to advance setting and uncheck the checkbox and then Restore.

If you want to disable in coding label you can do as follow-
Using AutoCompleteType="Disabled":

<asp:TextBox runat="server" ID="txt_userid" AutoCompleteType="Disabled"></asp:TextBox>  

By Setting Form autocomplete="off":

<asp:TextBox runat="server" ID="txt_userid" autocomplete="off"></asp:TextBox> 

By Setting Form autocomplete="off":

<form id="form1" runat="server" autocomplete="off">  
    //your content

By using code in .cs page

protected void Page_Load(object sender, EventArgs e)  

        txt_userid.Attributes.Add("autocomplete", "off");  


By Using Jquery

head runat="server">  
<script src="Scripts/jquery-1.6.4.min.js"></script>  
<script type="text/javascript">  
    $(document).ready(function () {  
        $('#txt_userid').attr('autocomplete', 'off');  


You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.405351 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO