This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Can I restrict the password autofill to the exact url / form (sub)domain

more options

I have different login forms on different sub domains so I always get a huge lists of different logins. and also I get my password for the basic auth from the web-server on my login form.

I also consider this as a security risk when different sub domains belong to different parties and I accidentally put my password into the wrong form.

Can I config Firefox the way that I get only passwords in the list that match the exact url or at least the (sub)domain?

Another Question As a Web-developer can I do something that my client don't experience such a mess (like giving the login form a special id so passwords are restricted do this particular form.

I have different login forms on different sub domains so I always get a huge lists of different logins. and also I get my password for the basic auth from the web-server on my login form. I also consider this as a security risk when different sub domains belong to different parties and I accidentally put my password into the wrong form. Can I config Firefox the way that I get only passwords in the list that match the exact url or at least the (sub)domain? Another Question As a Web-developer can I do something that my client don't experience such a mess (like giving the login form a special id so passwords are restricted do this particular form.

Chosen solution

Could you test this out and see whether it works for you:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

More info on about:config: Configuration Editor for Firefox. The moderators would like us to remind you that changes made through this back door aren't fully supported and aren't guaranteed to continue working in the future.

(2) In the search box in the page, type or paste signon.includeOtherSubdomainsInLookup and pause while the list is filtered

(3) Double-click the preference to switch the value from true to false


Regarding the web dev side of it, I don't know whether the form ID is relevant at all. Possibly the name attributes of the username and password field could be a factor. If they are, and you write their values to hidden fields on form submit, then you could randomize those names.

Read this answer in context 👍 1

All Replies (1)

more options

Chosen Solution

Could you test this out and see whether it works for you:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

More info on about:config: Configuration Editor for Firefox. The moderators would like us to remind you that changes made through this back door aren't fully supported and aren't guaranteed to continue working in the future.

(2) In the search box in the page, type or paste signon.includeOtherSubdomainsInLookup and pause while the list is filtered

(3) Double-click the preference to switch the value from true to false


Regarding the web dev side of it, I don't know whether the form ID is relevant at all. Possibly the name attributes of the username and password field could be a factor. If they are, and you write their values to hidden fields on form submit, then you could randomize those names.

Modified by jscher2000 - Support Volunteer