[2915] in WWW Security List Archive
RE: page security
daemon@ATHENA.MIT.EDU (David W. Morris)
Tue Sep 10 22:44:30 1996
Date: Tue, 10 Sep 1996 18:22:00 -0700 (PDT)
From: "David W. Morris" <dwm@shell.portal.com>
To: www-security@ns2.rutgers.edu
In-Reply-To: <01BB9EEF.05A851B0@www>
Errors-To: owner-www-security@ns2.rutgers.edu
On Tue, 10 Sep 1996, Uday Bikkasani wrote:
> <META HTTP-EQUIV="Expires" CONTENT="Sun, 01 SEP 1996 21:29:02 GMT">
>
> the above tag can be used and make sure that your expiry date has
> already passed.
Sorry ... that is not a solution ... support of the meta/http-equiv
tag is totally optional for the server and for the browser population.
A sometimes used hack which violates the http protocol is to return
an error http status where the expected explanatory body is the page
you don't want cached. I have been told that popular browsers don't
cache such pages locally ... but this is also not a 'standard' you
should bank upon.
