The HTML autocomplete attribute is designed to enhance user experience by allowing browsers to suggest previously entered values for form fields. This feature is beneficial for improving form completion efficiency and is recommended by the Web Content Accessibility Guidelines (WCAG) to support users with cognitive and motor impairments.
However, in the context of various applications built on Pega Platform, the use of autocomplete introduces significant privacy and security concerns. Pega applications are used by agents and representatives who handle sensitive customer data regularly. Allowing browsers to store and autofill this information could lead to unintended data exposure, especially in shared or enterprise environments.
While setting autocomplete="off" might seem like a straightforward solution, Chromium-based browsers (such as Chrome and Edge) do not consistently honor this value for the autocomplete attribute. As a result, browsers may still attempt to autofill these fields, potentially violating data handling policies.
Please see the following article for Chromium's developer statement regarding the attribute: Bug filed with Chromium with a concluding statement of their stance on the matter
To mitigate this risk, we have made a deliberate decision to set the value of the autocomplete attribute on form fields to "_off". This value is technically considered invalid due to the underscore and may be flagged by some automated accessibility testing tools as a non-compliant or incorrect usage. However, this is an intentional decision based on business and security requirements. Setting this attribute's value to "_off" on form fields prevents browsers from applying any autocomplete behavior for user input.
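
As an added example (not Pega's code), the script below audits form controls and reports every data-entry field whose autocomplete value is not "_off", separating the standard "off" that Chromium may ignore from fields with no value or some other value. The function names, the list of skipped input types and the sample fields are assumptions made for this illustration.

```javascript
const POLICY_VALUE = "_off"; // value the page sets on form fields
// Assumption: these input types hold no typed user data, so they are skipped.
const SKIPPED_TYPES = new Set(["hidden", "submit", "button", "reset", "image",
                               "checkbox", "radio", "file"]);

// Map a raw attribute value (or null when absent) to an audit status.
function classifyAutocomplete(raw) {
  if (raw === null || raw.trim() === "") return "unset";
  const value = raw.trim();
  if (value === POLICY_VALUE) return "policy";
  if (value.toLowerCase() === "off") return "standard-off"; // may be ignored by Chromium
  return "other"; // any other value, e.g. one that names a field type for autofill
}

// Return one finding per data-entry control that does not carry the policy value.
// `controls` is any iterable of elements exposing tagName and getAttribute().
function auditAutocomplete(controls) {
  const findings = [];
  for (const el of controls) {
    const tag = el.tagName.toLowerCase();
    if (!["input", "select", "textarea"].includes(tag)) continue;
    const type = (el.getAttribute("type") || "text").toLowerCase();
    if (tag === "input" && SKIPPED_TYPES.has(type)) continue;
    const status = classifyAutocomplete(el.getAttribute("autocomplete"));
    if (status !== "policy") {
      findings.push({ name: el.getAttribute("name") || "(unnamed)", status });
    }
  }
  return findings;
}

// Constructed stand-in for a DOM element so the audit also runs outside a browser.
function fakeControl(tagName, attrs) {
  const has = (k) => Object.prototype.hasOwnProperty.call(attrs, k);
  return { tagName, getAttribute: (k) => (has(k) ? attrs[k] : null) };
}

// Constructed sample form (hypothetical field names).
const SAMPLE_FORM = [
  fakeControl("INPUT", { name: "accountNumber", type: "text", autocomplete: "_off" }),
  fakeControl("INPUT", { name: "nationalId", autocomplete: "off" }),
  fakeControl("TEXTAREA", { name: "caseNotes" }),
  fakeControl("INPUT", { name: "csrfToken", type: "hidden" }),
  fakeControl("INPUT", { name: "email", type: "email", autocomplete: "email" }),
];

console.log(auditAutocomplete(SAMPLE_FORM));
// In a browser console: auditAutocomplete(document.querySelectorAll("input, select, textarea"))
```

Findings with status "standard-off" are the ones an accessibility scanner would pass but the policy would not, while "policy" fields are the ones a scanner may flag and that can be allowlisted as intentional.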