The common way used by sketchy websites is by using a bunch of redirects.

The page sits at the end of a super long chain of web pages, all of which just push you one down the chain. The back button only takes you back one page, so even if you click it a few times you’ll still end up on the page you want to leave because you’re just backing out into the chain.

The website can use a “filler” (not sure if there’s a term for it) page in between pages that automatically forwards to another page. Instead of going from Page A to B (the desired page), it goes from A to C (“filler” page), which executes a script to automatically redirect you to B. So when you try to back out from B, you hit C instead, which pushes you back to B.

Usually, if you hold down on the back button, it’ll bring up a list of previous pages in the sequence they were visited. You can usually see the redirect page in that list.

There’s a command in HTML called `refresh` which allows a webdev to write a page in such a way as your browser reloads the page every 30 seconds, or every minute, or whatever amount of time they choose.

Here’s an example snippet of code which would just refresh the page every 30 seconds:

<meta http-equiv=”refresh” content=”30″>

The refresh command can *also* be used to re*direct* your browser to another address.

Here’s an example snippet of refresh code, which would redirect your browser to w3docs.com after 3 seconds.

<meta http-equiv=”Refresh” content=”3; url=’https://www.w3docs.com'” />

Naughty webdevs will basically use the refresh feature to redirect a page ***to itself***. Unlike the basic refresh, this causes the page to occupy the last two spots in your browsing history rather than only the current one. So when you hit the “back” button, it just goes back to the same page.

It’s a little more complicated than that, but that’s the gist of it.

There are two or three methods most of them are cracked down by browser developers but some are still possible:

1. Quick redirect – You go to page A that quickly redirects you to page B. If you go back you end up on page A which in turn quickly sends you to page B. Quickly tapping back twice (or right click and choose one you want to go back to) can defeat this.
2. Using javascript – there s a browser API that allows your action on page to change history without reloading the page. That’s how some “webapps” can work. But malicious website can push a lot of “state” onto the history. This one is harder to defeat and usually you need to close the tab.

The link to their website is actually just a script that forwards you to the website. If you watch the URL you’ll see it change twice.

You click Back, but now your back on the script which then forwards you to the website.

It’s obviously a security flaw when sites do that but normally it’s done to maliciously trap you in an unsafe site or advertisement hell; or to avoid issues with repeating certain tasks. If a website goes from state A to B after an operation, but causes errors if you repeat the operation, a (poor) workaround is to prevent the navigation to the page where you performed the operation. Of course it isn’t flawless, specially if you can just retype the url on the search bar.
How they do it, normally you can manipulate the history by adding a blank or redirection page so that you never land where you were before

While all of these contents are good, the real answer lies in the coding of the page you are on. The programming. Every thing on the page is an object that can be controlled by the programmer who codes it. Like “Button 1.text = ‘BACK'” would make the button contain the word “BACK”. Buttons, links and other objects can also be turned on and off.

“Button1.Acitve = NO” would tell the computer that this button is not active and clicking it will do nothing. Usually the programmer will also include code to “grey” or dim the appearance of the button to clue you that it is not available.

I started programming in 1969, before we HAD buttons and stuff. The coding I used here is not real, just examples.

If your website is a “single-page web application” style, then pushing the back button would cause your browser to completely leave the application (and possibly losing all data inside). Since this is a common use-case, websites have the ability to override the back button functionality, at least to some extent.

This is in addition to the redirecting shenanigans listed in the other answers.

Not, an answer, but does anyone know why some legitimate websites do this? Always assumed it was a programming mistake, because it feels frustrating and unprofessional.

Web dev here:
There’s different kinds of redirects. There’s a “normal” one what gives you ability to go back and forth. And then there’s “replace”, which basically replaces the URL with a new one. Sometimes it is needed for UX. Like if you’re doing a test and accidentally clicked some hotkey to go backwards, your test might fail. To prevent this we would open the test in a new tab and won’t let user to go backwards.