Using the PayPal API, when the user cancels the process or is redirected back to the shopping cart page in order to review the order, the page URL includes the GET paramenter "token". I don't want the user to see that token, so I redirect the page to itself without the query string, using a 301 redirect. Hovewer, the URL including the token is saved in the browser history (at least in Firefox and Chrome) and shows up as autocomplete option when typing in the address bar.
The PayPal express checkout API doesn't have a parameter to make the return requests POST instead of GET (as opposed to the form-based method with hidden fields). Is there any way to do a redirect that won't have the original URL saved in the browser history?
I also tried 302 and Refresh: 0; url=... - but that still saves the URL...
