' Add the expiration oResponse.Expires = -1 oResponse.Cache.SetCacheability(System.Web.HttpCacheability.NoCache) oResponse.Cache.SetAllowResponseInBrowserHistory(False)I explained the client that for a GET, a page redirect or a URL entered manually in the browser that there isn't much I could do. The only think that would bullet proof that as well would be to encapsulate the URL into a wrapper, which would contain an identifier which could then be used to validate against something at the server level.