Putting the user in charge of their online identity is a necessary precondition for privacy on the web. This requires the ability to manage identifying information that remote parties store in data repositories on the user's device. We performed a crawl of thousands of popular websites with the intention of assessing the prevalence of various problematic patterns of clientside data storage. The focus of this paper is on techniques that make use of the browser cache, especially when they impede active identity management by the user. From these results, we derive a novel privacy-enhancing policy for client-side data storage - self-destructing identifiers - improving the current defacto standard. This policy has already seen some adoption in practice in the form of a Firefox add-on that we developed as a proof of concept.