diff --git a/copyparty/authsrv.py b/copyparty/authsrv.py
index 70de3840..481f2d4b 100644
--- a/copyparty/authsrv.py
+++ b/copyparty/authsrv.py
@@ -18,7 +18,6 @@ from .cfg import flagdescs, permdescs, vf_bmap, vf_cmap, vf_vmap
 from .pwhash import PWHash
 from .util import (
     IMPLICATIONS,
-    META_NOBOTS,
     SQLITE_VER,
     UNPLICATIONS,
     UTC,
@@ -1661,13 +1660,6 @@ class AuthSrv(object):
                 if not vol.flags.get("robots"):
                     vol.flags["norobots"] = True
 
-        for vol in vfs.all_vols.values():
-            h = [vol.flags.get("html_head", self.args.html_head)]
-            if vol.flags.get("norobots"):
-                h.insert(0, META_NOBOTS)
-
-            vol.flags["html_head"] = "\n".join([x for x in h if x])
-
         for vol in vfs.all_vols.values():
             if self.args.no_vthumb:
                 vol.flags["dvthumb"] = True
diff --git a/copyparty/httpcli.py b/copyparty/httpcli.py
index 5b8a15c5..15dd030d 100644
--- a/copyparty/httpcli.py
+++ b/copyparty/httpcli.py
@@ -170,16 +170,12 @@ class HttpCli(object):
         self.can_dot = False
         self.out_headerlist: list[tuple[str, str]] = []
         self.out_headers: dict[str, str] = {}
-        self.html_head = " "
         # post
         self.parser: Optional[MultipartParser] = None
         # end placeholders
 
         self.bufsz = 1024 * 32
-        h = self.args.html_head
-        if self.args.no_robots:
-            h = META_NOBOTS + (("\n" + h) if h else "")
-        self.html_head = h
+        self.html_head = ""
 
     def log(self, msg: str, c: Union[int, str] = 0) -> None:
         ptn = self.asrv.re_pwd
@@ -231,8 +227,6 @@ class HttpCli(object):
             "Vary": "Origin, PW, Cookie",
             "Cache-Control": "no-store, max-age=0",
         }
-        if self.args.no_robots:
-            self.out_headers["X-Robots-Tag"] = "noindex, nofollow"
 
         if self.is_banned():
             return False
@@ -506,6 +500,7 @@ class HttpCli(object):
 
                 if idp_usr in self.asrv.vfs.aread:
                     self.uname = idp_usr
+                    self.html_head += "<script>var is_idp=1</script>\n"
                 else:
                     self.log("unknown username: [%s]" % (idp_usr), 1)
                     self.uname = "*"
@@ -559,6 +554,10 @@ class HttpCli(object):
 
         self.s.settimeout(self.args.s_tbody or None)
 
+        if "norobots" in vn.flags:
+            self.html_head += META_NOBOTS
+            self.out_headers["X-Robots-Tag"] = "noindex, nofollow"
+
         try:
             cors_k = self._cors()
             if self.mode in ("GET", "HEAD"):
@@ -3390,6 +3389,8 @@ class HttpCli(object):
             self.reply(zb, mime="text/plain; charset=utf-8")
             return True
 
+        self.html_head += self.vn.flags.get("html_head", "")
+
         html = self.j2s(
             "splash",
             this=self,
@@ -3839,11 +3840,9 @@ class HttpCli(object):
         e2d = "e2d" in vn.flags
         e2t = "e2t" in vn.flags
 
-        self.html_head = vn.flags.get("html_head", "")
-        if vn.flags.get("norobots") or "b" in self.uparam:
+        self.html_head += vn.flags.get("html_head", "")
+        if "b" in self.uparam:
             self.out_headers["X-Robots-Tag"] = "noindex, nofollow"
-        else:
-            self.out_headers.pop("X-Robots-Tag", None)
 
         is_dir = stat.S_ISDIR(st.st_mode)
         fk_pass = False
diff --git a/copyparty/util.py b/copyparty/util.py
index 3be6c9c3..890fee05 100644
--- a/copyparty/util.py
+++ b/copyparty/util.py
@@ -186,7 +186,7 @@ else:
 
 SYMTIME = sys.version_info > (3, 6) and os.utime in os.supports_follow_symlinks
 
-META_NOBOTS = '<meta name="robots" content="noindex, nofollow">'
+META_NOBOTS = '<meta name="robots" content="noindex, nofollow">\n'
 
 FFMPEG_URL = "https://www.gyan.dev/ffmpeg/builds/ffmpeg-git-full.7z"
 
diff --git a/copyparty/web/browser.js b/copyparty/web/browser.js
index 479d9469..fad6c764 100644
--- a/copyparty/web/browser.js
+++ b/copyparty/web/browser.js
@@ -6634,7 +6634,7 @@ function apply_perms(res) {
 
 	ebi('acc_info').innerHTML = '<span id="srv_info2"><span>' + srvinf +
 		'</span></span><span' + aclass + axs + L.access + '</span>' + (acct != '*' ?
-			'<a href="' + SR + '/?pw=x">' + L.logout + acct + '</a>' :
+			'<a href="' + SR + '/?pw=x">' + (window.is_idp ? '' : L.logout) + acct + '</a>' :
 			'<a href="?h">Login</a>');
 
 	var o = QSA('#ops>a[data-perm]');
diff --git a/copyparty/web/splash.js b/copyparty/web/splash.js
index d4195833..5d529731 100644
--- a/copyparty/web/splash.js
+++ b/copyparty/web/splash.js
@@ -49,6 +49,15 @@ for (var k in (d || {})) {
 			o[a].setAttribute("tt", d[k]);
 }
 
+try {
+	if (window.is_idp) {
+		var z = ['#l+div', '#l', '#c'];
+		for (var a = 0; a < z.length; a++)
+			QS(z[a]).style.display = 'none';
+	}
+}
+catch (ex) { }
+
 tt.init();
 var o = QS('input[name="cppwd"]');
 if (!ebi('c') && o.offsetTop + o.offsetHeight < window.innerHeight)
diff --git a/docs/TODO.md b/docs/TODO.md
index 7a9ccf1a..ce73b281 100644
--- a/docs/TODO.md
+++ b/docs/TODO.md
@@ -10,7 +10,6 @@ a living list of upcoming features / fixes / changes, very roughly in order of p
 * [github issue #62](https://github.com/9001/copyparty/issues/62) - IdP / single-sign-on powered by a local identity provider service which is possibly hooked up to ldap or an oauth service
   * persist autogenerated volumes for db-init + nullmapping on next startup (`_map_volume` += `only_if_exist`)
   * sanchk that autogenerated volumes below inaccessible parent
-  * disable logout links if idp detected
 
 * download accelerator
   * definitely download chunks in parallel