CookieVault Guardian
TL;DR: CookieVault Guardian is a free, MIT-licensed Manifest V3 extension that automatically deletes cookies, localStorage, sessionStorage, IndexedDB, Cache Storage, and Service Worker registrations when you close the last tab on a domain — except for whitelisted sites. Built as the modern replacement for Cookie AutoDelete after Chrome’s MV2 sunset disabled the original in late 2024.
CookieVault Guardian is a Manifest V3 browser extension that automatically cleans browser storage for a domain the moment its last tab closes. It is the modern, Manifest V3-native successor to Cookie AutoDelete1, the privacy extension Chrome disabled in late 2024 as the Manifest V2 sunset reached its final phase2. Guardian rebuilds the per-tab cleanup workflow on the current Chrome extension APIs and extends the cleanup target list from “cookies only” to every browser-storage surface that can hold cross-session tracking state.
What Guardian does
In short: Guardian listens for
chrome.tabs.onRemoved, checks if any tab is still open on the closing tab’s domain, and if not, deletes every storage API entry for that domain — unless the domain is whitelisted. Six storage targets, each individually toggleable. The whitelist supports per-domain rules, subdomain inheritance, and wildcard patterns.
Six storage surfaces Guardian cleans:
- Cookies — every cookie for the domain, including HttpOnly cookies the page itself cannot reach
- localStorage — long-term key-value storage that survives across sessions and is invisible to cookie-only cleaners
- sessionStorage — per-tab storage; cleaned defensively even though it normally clears with the tab
- IndexedDB — structured per-origin database; often where trackers stash fingerprint state
- Cache Storage — Service Worker cache API; can be used as a tracking side channel
- Service Worker registrations — long-lived background scripts that can wake up to re-set cookies
Each surface has its own on/off toggle in settings. Defaults are sensible — all six on except in cases where a critical site breaks (rare).
A 2024 Mozilla blog on Total Cookie Protection3 frames the rationale: “Cookies are no longer the only mechanism for cross-site tracking, and a privacy tool that only cleans cookies misses the modern threat model.” Guardian’s six-surface scope is the operational response.
The whitelist (the most important feature)
In short: The whitelist is the difference between Guardian being useful and Guardian being annoying. Add every site you want to stay logged in to; everything else cleans on tab close. Subdomain inheritance and wildcards make the whitelist short and stable.
The whitelist UX is the modern reimplementation of Cookie AutoDelete’s classic flow:
- Click the toolbar icon while on a site → “Add to whitelist” — adds the current domain with subdomain inheritance on
- Wildcards —
*.googleapis.comwhitelists every Google APIs subdomain - Greylist — a middle ground: “keep for this session, clean on next close” (or “auto-promote to whitelist on next visit”)
- Containers (Firefox) — per-container whitelist rules, matching Firefox’s Multi-Account Containers extension
A starter whitelist that covers most users in the first five minutes:
- Your primary email (Gmail / Outlook / Proton)
- Your code host (GitHub / GitLab)
- Your work tools (Linear, Notion, Slack, Figma — whichever you use)
- Your bank
- Your password manager’s web UI (1Password / Bitwarden)
Everything else cleans on tab close by default.
Browser support
In short: Every modern Chromium browser uses the Chrome Web Store build. Firefox uses a separate Manifest V3 build. Safari is not supported (Safari Web Extensions have a different cleanup model).
| Browser | Source | Cookie AutoDelete also works? |
|---|---|---|
| Chrome | Chrome Web Store | No (Chrome MV2 sunset) |
| Edge | Edge Add-ons | No (same Chromium policy) |
| Brave | Chrome Web Store | No |
| Opera | Chrome Web Store | No |
| Vivaldi | Chrome Web Store | No |
| Arc | Chrome Web Store | No |
| Firefox | Firefox Add-ons | Yes (Firefox kept MV2 support) |
| Safari | Not supported | N/A |
If you only use Firefox and Cookie AutoDelete works for you, the urgent migration argument is weaker — Guardian’s Firefox draw is the cross-browser whitelist sync, not “your current setup is broken.”
How Guardian compares
| Feature | CookieVault Guardian | Cookie AutoDelete |
|---|---|---|
| Manifest version | V3 | V2 (deprecated) |
| Chrome / Edge / Brave | Yes | No (disabled) |
| Firefox | Yes | Yes |
| Cleans cookies | Yes | Yes |
| Cleans localStorage | Yes | Partial (later versions) |
| Cleans IndexedDB | Yes | No |
| Cleans Cache Storage | Yes | No |
| Cleans Service Worker | Yes | No |
| Whitelist / greylist | Yes | Yes |
| Wildcard patterns | Yes | Yes |
| Cross-device whitelist sync | Yes (Pro) | No |
| Active maintenance | Yes | Slowed |
Detailed page: CookieVault Guardian vs Cookie AutoDelete.
Pricing
In short: Free forever for local cleanup. $4/month or $36/year Pro for cross-device whitelist sync. Same pricing line as CookieVault Editor — they share an account when you have both.
- Free — all cleanup, all storage types, unlimited whitelist, greylist, wildcards. Permanent.
- Pro $4/mo or $36/yr — E2E encrypted cross-device whitelist sync, 30-day cookie history with undo (cookies only).
- Team $9/seat/mo — centralized rules across team members, audit log, SSO.
Pro is only worth the money if you use Guardian on more than one device.
How to install
- Chrome Web Store — search “CookieVault Guardian” → “Add to Chrome”
- Edge Add-ons — same Chromium build, Microsoft store
- Firefox Add-ons — separate Manifest V3 build
- Direct CRX for Opera / Vivaldi / Arc / Brave — GitHub release page, drag into extensions page
- Build from source — clone the repo,
npm install && npm run build, load unpacked
After installing:
- Pin the toolbar icon for one-click whitelist access
- Visit each site you want to stay logged in to
- Click the Guardian icon → “Add to whitelist”
- Verify the whitelist in Settings → Whitelist
- Browse normally — non-whitelisted tab closes trigger cleanup
See the auto-delete tab close how-to for the full setup walkthrough with edge cases.
See also
- CookieVault Editor — the companion cookie editor (EditThisCookie successor)
- Cookie AutoDelete alternative — full migration guide with side-by-side feature matrix
- Auto-delete cookies on tab close — setup walkthrough
- Cookie whitelist — whitelist deep dive
- Pricing — Free / Pro / Team breakdown
- Security — E2E encryption design
Footnotes
-
The Cookie AutoDelete source code is at https://github.com/Cookie-AutoDelete/Cookie-AutoDelete under the MIT license. The Firefox Add-ons listing remains functional; the Chrome Web Store listing was disabled with the MV2 sunset. ↩
-
Chrome’s Manifest V2 deprecation timeline is documented at https://developer.chrome.com/docs/extensions/develop/migrate and the stable-channel disablement schedule at https://developer.chrome.com/blog/resuming-the-transition-to-mv3. ↩
-
Mozilla’s Total Cookie Protection announcement and technical writeup is at https://developer.mozilla.org/en-US/docs/Web/Privacy. The “cookies are no longer the only mechanism” framing is paraphrased from Mozilla’s published privacy stance. ↩