Status: 302 Temporarily moved Location: http://some.org/new-URL.htmlor
Status: 301 Permanently moved Location: http://some.org/new-URL.html
<body onload="document.location='http://other.org/'">JavaScript will also allow you to open a new window and set its size & attributes.
Example HTTP 1.1 headers
Cache-Control: must-revalidate Cache-Control: max-age=3600 Cache-Control: no-cacheExample HTTP 1.0 headers
Expires: Tue, 08 Apr 1997 17:20:00 GMT Expires: 0 Pragma: no-cacheNote that dates in the Expires header must be given in the correct format, and that illegal values cause pages to be totally uncacheable, which is unlikely to be what you require (besides being antisocial). Generating an Expires header corresponding to the update interval of the page will give optimal results.
If it is not possible to set the HTTP header, the Expires META tag may be used. This will influence many browsers, but typically not proxy caches.
For Netscape Navigator 3.0,
<meta http-equiv="Expires" content="0">
forces the browser to check the modification date each time the object
is loaded from cache (if unchanged, the server returns status 304). This is
equivalent to setting Navigator Option: Network-Preferences: Cache: Verify-Document= Every-Time.
<meta http-equiv="Pragma" content="no-cache;>
causes the object not to be cached at all, chewing up bandwidth by
forcing a full GET every time the object is referenced.
At this time, not all browsers or proxy agents support HTTP/1.1 operations. The following headers in a CGI script ought to prevent cacheing where this is required, e.g. in Vancover Webpages time page:
Cache-Control: no-cache Pragma: no-cache Expires: 0
Alternatively, JavaScript such as this (attributed to Jason Olmsted) may be used:
<script language="JavaScript">
<!--
if (self.location.href != top.location.href) {
top.location.href = self.location.href;
}
// -->
</script>
or this (ex Andrew Daviel) which would put a frame page in
the correct frameset from your site (assuming you have a URL defining
the frameset with the correct frames, that is):
<script language="JavaScript">
var ploc = parent.document.location + '' ;
if (ploc.indexOf('your-site-here',0) <0) {
parent.document.location='correct-frameset-URL-here' ;
}
}
</script>
Another JS trick (Omer Koker):
<script language="JavaScript">
if (top.frames.length >1) {top.location ="/file.html";}
</script>
which may be put in a page you require to be top frame (if a frameset,
in the page header). By examining the server logs for "/file.html"
it may be possible to find sites trying to frame your pages. This page
may contain a warning and target="_top" link to the correct page/frameset.
Note: You page being framed may not always be abuse. For instance, anther site may include a link to yours but forget to put "target=_parent", or a search engine may use frames. An abusive situation would be where your page, designed to be viewed in your frameset with your navigation data and advertising, is framed by someone else with their own nav./advertising, thus appearing to take credit for your page. Destroying the original frameset of a search engine or legitimate referrer may annoy the user and dissuade them from visiting your site; it may be better to politely suggest that they middle-click or otherwise to view your site in a new window.
See Also:
A more complex approach would be to generate the content in JavaScript, so that a user who disables scripting would not see the image or link. If the script encrypts the content in some way, and checks the current URL to make sure it is running from the correct server, this will defeat casual knowlegable users. Even more esoteric approaches are possible, for example checking the browser type in the server to defeat casual attempts to download the code directly outside a browser.