diff --git a/features/http-auth.xml b/features/http-auth.xml
index 4a9414ba92..ca08581023 100644
--- a/features/http-auth.xml
+++ b/features/http-auth.xml
@@ -61,7 +61,7 @@
controls a non-authenticated URL from stealing passwords from
authenticated URLs on the same server.
- Both Netscape and Internet Explorer will clear the local browser
+ Both Netscape Navigator and Internet Explorer will clear the local browser
window's authentication cache for the realm upon receiving a
server response of 401. This can effectively "log out" a user,
forcing them to re-enter their username and password. Some people
@@ -99,12 +99,14 @@
standard, so you should never depend on this. Testing with Lynx
has shown that Lynx does not clear the authentication credentials
with a 401 server response, so pressing back and then forward
- again will open the resource (as long as the credential
- requirements haven't changed).
+ again will open the resource as long as the credential
+ requirements haven't changed. The user can press the
+ '_' key to clear their authentication information, however.
+
Also note that this does not work using Microsoft's IIS server and
- the CGI version of PHP due to a limitation of IIS.
-
+ the CGI version of PHP due to a limitation of IIS.
+