diff --git a/include/class.http.php b/include/class.http.php
index 2fd09a8d70f7aa37041bd8b57597216024cc5cc7..b2a9738e0c2a3d87ff75eadd82ee34ee6fc0b50e 100644
--- a/include/class.http.php
+++ b/include/class.http.php
@@ -32,7 +32,7 @@ class Http {
         endswitch;
     }
 
-    function response($code,$content,$contentType='text/html',$charset='UTF-8') {
+    function response($code,$content=false,$contentType='text/html',$charset='UTF-8') {
 
         header('HTTP/1.1 '.Http::header_code_verbose($code));
 		header('Status: '.Http::header_code_verbose($code)."\r\n");
diff --git a/include/staff/login.tpl.php b/include/staff/login.tpl.php
index 6319d289b6c8bbf7618ecc7f70959d20ccfd9ada..fdf4c7afbbab4e61bbec14a7d3eadae1d1c110fd 100644
--- a/include/staff/login.tpl.php
+++ b/include/staff/login.tpl.php
@@ -14,7 +14,7 @@ $info = ($_POST && $errors)?Format::htmlchars($_POST):array();
     </a></h1>
     <h3><?php echo Format::htmlchars($msg); ?></h3>
     <div class="banner"><small><?php echo ($content) ? Format::display($content->getLocalBody()) : ''; ?></small></div>
-    <form action="login.php" method="post">
+    <form action="login.php" method="post" id="login">
         <?php csrf_token(); ?>
         <input type="hidden" name="do" value="scplogin">
         <fieldset>
diff --git a/login.php b/login.php
index 7971e1074b0f05171b17cd5d007259dbef441a9e..a1ec62245804fe7a2414c6f53516935a671b8c26 100644
--- a/login.php
+++ b/login.php
@@ -122,6 +122,11 @@ if (!$nav) {
     $nav = new UserNav();
     $nav->setActiveNav('status');
 }
+
+// Browsers shouldn't suggest saving that username/password
+Http::response(401);
+header('WWW-Authenticate: html-form id=clientLogin');
+
 require CLIENTINC_DIR.'header.inc.php';
 require CLIENTINC_DIR.$inc;
 require CLIENTINC_DIR.'footer.inc.php';
diff --git a/scp/login.php b/scp/login.php
index 6655239c2be175d57a10a49744bb45019b928032..f0da8319ec629b27fc75b1e08b00a5c5fc1f239c 100644
--- a/scp/login.php
+++ b/scp/login.php
@@ -70,6 +70,10 @@ elseif (!$thisstaff || !($thisstaff->getId() || $thisstaff->isValid())) {
        @header("Location: $dest");
 }
 
+// Browsers shouldn't suggest saving that username/password
+Http::response(401);
+header('WWW-Authenticate: html-form id=login');
+
 define("OSTSCPINC",TRUE); //Make includes happy!
 include_once(INCLUDE_DIR.'staff/login.tpl.php');
 ?>