> 1) RFC 1945 does discribe HTTP 1.0 protocol. But makes no mention of > the actions we are looking at. There is a great deal of 'content' that > can fit in the HTTP protocol.
A little more searching legwork reveals that I was actually thinking of RFC 2616, sections 14.9.1 and 2, the cache-control directives. Whether they're relevant to the question you're asking[1] is another matter. > Somehow I don't think I will find an RFC for that Secret Decoder Ring. heh. probably not. You missed the third item I mentioned: heading over to netscape.public.mozilla.security, and asking people over there, who should know somewhat more than li'l ol' me. [1] What _are_ you asking , precisely? For details of a "secret" method to turn off PSM? I doubt there *is* one (accessible to a web page, anyhow), since that would be asking for trouble, in terms of malicious pages. The banks certainly wouldn't want to turn PSM off, anyhow, since that would take away HTTPS, which kinda impedes security. If you're asking about how to deactivate automatic password completion on a given page, a little digging in bugzilla reveals http://bugzilla.mozilla.org/show_bug.cgi?id=63961, which is pretty informative. -- gav
