HTML and CSS Reference
The autocomplete attribute was introduced by Microsoft Internet Explorer in 1999 and
was adopted by other browsers, although it was not part of any previous HTML or
By default, autocomplete is enabled ( on ) for all form fields. You may currently rely on
your browser's ability to remember your passwords and autocomplete functionality to
log in to many of the websites you visit. If, however, you specify a value of off for this
attribute, you will disable this functionality.
In addition to disabling autocomplete at the individual input field level, you can also
disable it at the form level. If you disable autocomplete at the form level, you can
re-enable it for an individual form field by setting autocomplete="on" .
While many security experts suggest applying autocomplete="off" to form fields that
contain sensitive data, you should keep in mind that this is not a particularly effective
security measure. Some browsers do not yet support autocomplete , and since so many
tools exist to circumvent autocomplete="off" —tools that still auto-inject a user's stored
password—it's often security theater or simply a false security measure.
Those browsers that do not support autocomplete simply ignore the attribute
For a browser support reference on autocomplete , see Table 3-11 .
Table 3-11. Browser support for the autocomplete attribute
In Table 3-11 , “Yes” indicates that the browser has implemented auto
complete in a pre-HTML5, nonstandard way. Use Mike Taylor's input
and attribute support page at http://www.miketaylr.com/code/input-type
-attr.html to determine when a browser has implemented it per the
The autocomplete attribute in the WHATWG HTML specification at http://www