This document defines an imperative mechanism which allows web developers to instruct a user agent to clear a user’s locally stored data related to a host and its subdomains. (W3C)
A user’s data is both sensitive and valuable; web developers ought to take reasonable steps to protect it. One such step would be to encrypt data before storing it. Another would be to remove data from the user’s machine when it is no longer necessary (for example, when the user signs out of the application, or deletes their account).
This document defines a new mechanism to deal with removing data from these and other types of local storage, giving web developers the ability to clear out a user’s local cache of data via the Clear-Site-Data HTTP response header.
The abstract says a site can clear user data from its subdomains. Yikes. I've imagined that a domain owner granting DNS lookup to a subdomain can at most withdraw that grant, but clear data, hmm, I'm going to have to think about the power that confers across this relationship.
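The sign-out case the abstract mentions, as an added example that is not from the W3C document or from this post: a Node.js handler that revokes the session server-side and then sends `Clear-Site-Data`. The cookie name `sid` and the `sessions` map are assumptions; the directive names are the ones the specification defines.

```javascript
// Added example. Directive names come from the Clear Site Data spec;
// SESSION_COOKIE and the `sessions` Map are hypothetical.
const KNOWN_TYPES = new Set(["cache", "cookies", "storage", "executionContexts", "*"]);
const SESSION_COOKIE = "sid";

// Build the header value. The grammar requires each directive to be a quoted-string.
function clearSiteDataValue(types) {
  if (!Array.isArray(types) || types.length === 0) {
    throw new TypeError("at least one data type is required");
  }
  for (const t of types) {
    if (!KNOWN_TYPES.has(t)) throw new RangeError(`unknown data type: ${t}`);
  }
  return [...new Set(types)].map((t) => `"${t}"`).join(", ");
}

// Pull one cookie value out of a Cookie request header.
function readCookie(header, name) {
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0 && part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return null;
}

// Sign-out handler for Node's http module (req/res use its standard API).
function handleLogout(req, res, sessions) {
  if (req.method !== "POST") {
    res.statusCode = 405;
    res.setHeader("Allow", "POST");
    return res.end();
  }
  // Revoke server-side first: the header only cleans up the client.
  const sid = readCookie(req.headers.cookie, SESSION_COOKIE);
  if (sid) sessions.delete(sid);
  res.statusCode = 200;
  res.setHeader("Set-Cookie", `${SESSION_COOKIE}=; Max-Age=0; Path=/; Secure; HttpOnly`);
  res.setHeader("Clear-Site-Data", clearSiteDataValue(["cache", "cookies", "storage"]));
  res.setHeader("Cache-Control", "no-store");
  res.end("signed out\n");
}

// Constructed request/response stand-ins so the example runs offline.
function demo() {
  const sessions = new Map([["abc123", { user: "alice" }]]);
  const headers = {};
  const res = { statusCode: 0, setHeader: (k, v) => { headers[k] = v; }, end: () => {} };
  handleLogout({ method: "POST", headers: { cookie: "theme=dark; sid=abc123" } }, res, sessions);
  return { status: res.statusCode, headers, remaining: sessions.size };
}
console.log(demo());
```

Browsers act on the header only for responses delivered over a secure connection, so serve the sign-out endpoint over HTTPS.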