This page is part of the META Dictionary frameset.

META FAQ

  1. How can I redirect the user to another page ?
  2. How can I stop users seeing stale copies of my pages ?
  3. How can I stop people re-framing my pages ?
  4. How can I make my pages display nicely in search engines ?
  5. How can I get my pages near the top in search engines ?
  6. How can I stop my pages being indexed ?
  7. What's the difference between HTTP-EQUIV and NAME META tags ?
  8. How can I stop people seeing my source code ?
Many questions that people ask me can best be answered with JavaScript, not META.

How can I redirect the user to another page ?

  1. With the Location HTTP header. Usually done in the server configuration or with a CGI script.
    Status: 302 Temporarily moved
    Location: http://some.org/new-URL.html
    
    or
    Status: 301 Permanently moved
    Location: http://some.org/new-URL.html
    
  2. With the Refresh META tag.
  3. With JavaScript, e.g.
    <body onload="document.location='http://other.org/'">
    
    JavaScript will also allow you to open a new window and set its size & attributes.

How can I stop users seeing stale copies of my pages ?

Ideally, you must generate proper HTTP headers, either using features of your server or using CGI scripts.

Example HTTP 1.1 headers

Cache-Control: must-revalidate
Cache-Control: max-age=3600
Cache-Control: no-cache
Example HTTP 1.0 headers
Expires: Tue, 08 Apr 1997 17:20:00 GMT
Expires: 0 
Pragma: no-cache
Note that dates in the Expires header must be given in the correct format, and that illegal values cause pages to be totally uncacheable, which is unlikely to be what you require (besides being antisocial). Generating an Expires header corresponding to the update interval of the page will give optimal results.

If it is not possible to set the HTTP header, the Expires META tag may be used. This will influence many browsers, but typically not proxy caches.

For Netscape Navigator 3.0, <meta http-equiv="Expires" content="0"> forces the browser to check the modification date each time the object is loaded from cache (if unchanged, the server returns status 304). This is equivalent to setting Navigator Option: Network-Preferences: Cache: Verify-Document= Every-Time.
<meta http-equiv="Pragma" content="no-cache;> causes the object not to be cached at all, chewing up bandwidth by forcing a full GET every time the object is referenced.

At this time, not all browsers or proxy agents support HTTP/1.1 operations. The following headers in a CGI script ought to prevent cacheing where this is required, e.g. in Vancover Webpages time page:

Cache-Control: no-cache
Pragma: no-cache
Expires: 0

How can I stop people re-framing my pages ?

Try using the Window-target tag, which in some browser versions may force the page to a particular frame (usually the top).

Alternatively, JavaScript such as this (attributed to Jason Olmsted) may be used:

<script language="JavaScript">
<!--
if (self.location.href != top.location.href) {
top.location.href = self.location.href;
}
// -->
</script>
or this (ex Andrew Daviel) which would put a frame page in the correct frameset from your site (assuming you have a URL defining the frameset with the correct frames, that is):
<script language="JavaScript">
  var ploc = parent.document.location + '' ;
  if (ploc.indexOf('your-site-here',0) <0) {
    parent.document.location='correct-frameset-URL-here' ;
  }
}
</script>
Another JS trick (Omer Koker):
<script language="JavaScript">
  if (top.frames.length >1) {top.location ="/file.html";}
</script>
which may be put in a page you require to be top frame (if a frameset, in the page header). By examining the server logs for "/file.html" it may be possible to find sites trying to frame your pages. This page may contain a warning and target="_top" link to the correct page/frameset.

Note: You page being framed may not always be abuse. For instance, anther site may include a link to yours but forget to put "target=_parent", or a search engine may use frames. An abusive situation would be where your page, designed to be viewed in your frameset with your navigation data and advertising, is framed by someone else with their own nav./advertising, thus appearing to take credit for your page. Destroying the original frameset of a search engine or legitimate referrer may annoy the user and dissuade them from visiting your site; it may be better to politely suggest that they middle-click or otherwise to view your site in a new window.

See Also:

How can I make my pages display nicely in search engines ?

Use the Description tag.

How can I get my pages near the top in search engines ?

Try using a keywords tag. Not all search engines support this, though. See e.g. How search engines work (Calafia), or SearchEngineWatch.

How can I stop my pages being indexed ?

Use the Robots tag. This may not be supported by all robots and spiders; try to list your page in a /robots.txt file on your server.

What's the difference between HTTP-EQUIV and NAME META tags ?

HTTP-EQUIV tags are equivalent to HTTP headers. Some servers may actually generate HTTP headers from the HTML tags, as suggested by the HTML 3.2 specification. Therefore, do not invent new HTTP-EQUIV tags unless you understand the HTTP specification. Use NAME tags instead.

How can I stop people seeing my source code ?

This is not really a META question, but it is often asked. The short answer is that you cannot prevent people seeing your HTML, since the protocol is inherently comprehensible and someone can use a simple HTTP GET command instead of using a regular browser. However, there are some avenues that can be explored. The javascript code no-right-click.html from javascript.internet.com will prevent operation of the right mouse button in Netscape and IE, providing that JavaScript is turned on. This will prevent casual users from copying an image or link.

A more complex approach would be to generate the content in JavaScript, so that a user who disables scripting would not see the image or link. If the script encrypts the content in some way, and checks the current URL to make sure it is running from the correct server, this will defeat casual knowlegable users. Even more esoteric approaches are possible, for example checking the browser type in the server to defeat casual attempts to download the code directly outside a browser.

More Questions ?

Mail me any more questions (and preferably the answers !).