18

Browsers like Firefox and Chrome take screenshots of the visited websites and can show them on a new tab as "recently used websites".

Since my website is showing confidential information, how can I prevent browsers from taking screenshots for the "recent website" list, or at least limit it to the login page (like Facebook or banking websites are doing)?

I found a possible answer in "Is there a W3C standard meta tag to determine the cover image used to represent a website?", but it still seems to be an unstable method, and the banking sites I investigated apparently are not using it, so I suspect there is another (better?) solution.

Any idea? I need it working at least for Firefox.

Note: the sites are using HTTPS. Under Chrome, using HTTPS seems to solve it, since a blank screen is shown as the preview. Firefox does show it even when using HTTPS.

UPDATE: On Mozilla's support page https://support.mozilla.org/en-US/kb/thumbnails-new-tab-page-missing-how-get-them-back they state the following:

Note: Some websites don't allow images (--> thumbnail) to be generated and saved

Unfortunately they don't say how to do it... But yes, it seems there is a way to avoid it...

UPDATE 2: What I am actually looking for is that the site uses the cache for JavaScript and images, but not for thumbnails. Use of HTTPS would solve it, except for the Firefox bug.

Cedric Simon
  • Ha! Good question. I bet the answer will be different for each browser, though, and it's possible this can't be prevented at all. – Pekka Nov 15 '16 at 14:52
  • Banking sites and Facebook are doing it, so it's feasible... Browser specific is not a major issue since browser can be detected. – Cedric Simon Nov 15 '16 at 14:54

4 Answers

7

1. Turn Off Cache

Perhaps you could set the cache-control header. This would tell the browser to make all possible efforts not to save the page on the user's computer. Sadly, this would be a performance hit since the user would need to pull down each page entirely for every call they make.

2. HTTPS

Browsers understand that https sites need more security, so won't include https sites in the speed dial page. You should file a report with Mozilla.

3. Unique URL

Give the page with the sensitive information a unique URL every time it's opened.

6

I think I finally got it solved.

First of all, the "application manifest" does not help.

Based on @Peter's answer I found a way to implement it without losing the browser cache for my "useful" code, and keeping the URL intact.

To achieve it, I use a "main" page, which is the actual URL for the browser (--> thumbnail), with no caching, but it just contains a frame, where my "real" page is called internally. The real page does use caching, but since the website URL is the "no cache page", it seems the thumbnail is not always the login page, even when the new tab page thumbnail points to my "main" page.

<!DOCTYPE html>
<html>
<head>
<!-- Ask the browser not to cache or store this wrapper page -->
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache, no-store">
<meta http-equiv="expires" content="0">
<title>My Website</title>
</head><body style="margin: 0;">
 <iframe src="init_index_main.jsp" name="main"  style="position:fixed; top:0px; left:0px; bottom:0px; right:0px; width:100%; height:100%; border:none; margin:0; padding:0; overflow:hidden; z-index:999999;" ></iframe>
</body>
</html>

So actually I implement all 3 recommendations of Peter, avoiding their side effects. Actually, I was already using the frame workaround to hide the real URL from the (common) users.

Of course, if the user opens a link in a new tab, leaving the "main" frame, it could generate a thumbnail, but that's not the normal flow, so I can live with it.

Cedric Simon
3

Some browsers send a special header when creating the thumbnails:

HTTP_X_PURPOSE  preview

But as far as I know Firefox takes the screenshot during normal browsing.

Christian Strempfer
  • Will investigate and test. Thanks. Will let you know my findings. – Cedric Simon Nov 18 '16 at 13:33
  • HTTP_X_PURPOSE is only a way to distinguish the two types of request: in the current version of Safari 4 (4.0.4) the Top Sites request for the base page (but not its JS/CSS/image resources) carries an additional HTTP header, namely “X-Purpose: preview”. Does not help in my case. More info on HTTP_X_PURPOSE here: https://sunpig.com/martin/2010/01/08/how-to-detect-a-page-request-from-safari-4s-top-sites-feature/ – Cedric Simon Nov 18 '16 at 13:46
3

Firefox's built-in thumbnail service does not persist thumbs if the Cache-Control: no-store header is present. It may still render them at runtime, e.g. for aero peek, but they will not be saved to disk.

Private browsing mode also disables thumbnail rendering.

the8472
  • He did not provide a source linking that generic header - which generally refers to caching - to thumbnails. – the8472 Nov 18 '16 at 13:38
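
Added example (not part of any answer above and not code from the asker's site): a servlet filter that sends `Cache-Control: no-store` as a real HTTP response header on page responses, the header the last answer says keeps Firefox from persisting thumbnails, while scripts and images stay cacheable as UPDATE 2 asks. The `javax.servlet` API, the extension list and the `max-age` value are assumptions about the application.

```java
import java.io.IOException;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: per-path Cache-Control policy for a JSP/servlet application.
@WebFilter("/*")
public class PageNoStoreFilter implements Filter {

    // Assumption: static assets are recognisable by file extension.
    private static final String[] STATIC_EXT =
            {".js", ".css", ".png", ".jpg", ".gif", ".svg", ".ico"};

    static boolean isStaticAsset(String uri) {
        // Drop path parameters such as ";jsessionid=..." before matching.
        int semi = uri.indexOf(';');
        String path = (semi >= 0 ? uri.substring(0, semi) : uri).toLowerCase(Locale.ROOT);
        for (String ext : STATIC_EXT) {
            if (path.endsWith(ext)) return true;
        }
        return false;
    }

    static String cacheControlFor(String uri) {
        // Pages (JSPs, servlets, "/") may render confidential data: never store them.
        // Assets carry no user data here; one day of private caching is an assumed value.
        return isStaticAsset(uri) ? "private, max-age=86400" : "no-store";
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // getRequestURI() excludes the query string; set the header before the
        // response is committed. Code further down the chain can still override it.
        response.setHeader("Cache-Control", cacheControlFor(request.getRequestURI()));
        chain.doFilter(req, res);
    }
}
```

Unknown or extension-less paths fall through to `no-store`, so a newly added page is protected by default and only explicitly listed asset types are cached.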