Server side includes are allowed with the exception of Exec which is disallowed. Although it is slightly more work (you have to spit out a header), just about anything you could do with Exec can be done with a CGI script. The reason Exec is disallowed is that, unlike CGI scripts, it is not restricted to one directory and thus it is easy to accidentally execute the wrong thing with unknown and possibly nasty consequences.
Normally, ".html" files are not parsed for SSI directives. There are two ways to tell the server to parse a file for SSI directives. If you give the file an extension of ".shtml" the server will parse the file for SSI directives. Also, if you set the user execute bit the file will be parsed for SSI directives. This is known as the Apache X-bit hack, although today it is a standard feature. To do this type
chmod u+x file.html
Cache control is no longer done with the group execute bit. This must
now be done with a ".htaccess" file. This method is far more
flexible in that not only can you specify what and what not to cache, but
you can specify how long to cache it and with what criteria. See