'Refresh' HTTP header

As far as I know, Refresh (along with Set-Cookie and possibly some other proprietary pseudo-headers) were created by Netscape in the very early days of the internet and have been basically (but not quite) standard since then. Because just about every browser supports it, Refresh is pretty safe to use -- and commonly is.

I guess it never became part of the official standards because they already had provisions for that with the status codes.

from the W3C HTML 4.01 specification, quote:

META and HTTP headers

The http-equiv attribute can be used in place of the name attribute and has a special significance when documents are retrieved via the Hypertext Transfer Protocol (HTTP). HTTP servers may use the property name specified by the http-equiv attribute to create an [RFC822]-style header in the HTTP response. Please see the HTTP specification ([RFC2616]) for details on valid HTTP headers.

What this means is that when you use the <meta http-equiv="refresh" url="..."/> tag, you are actually instructing the browser to act as if there were a Refresh header being sent.

a good overview of the history of it can be found at http://www.securiteam.com/securityreviews/6Z00320HFQ.html

According to Wikipedia: URL Redirection:

This is a proprietary/non-standard extension by Netscape. It is supported by most web browsers.