Brief Introduction to p3p Technology

Source: Internet
Author: User
Tags ip number

Internet Explorer is used as an example. By default, Internet Explorer's privacy policy is set as follows:

(Figure 1)

Note this one:Prevent saving third-party cookies that can be used to contact you without your explicit consent.

Let's first demonstrate how this article works:

Site B .com has such a webpage: http:// B .com/WebApp_P3P/p3p.htm

The source code of this page is as follows:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">

In this source code, IFRAME contains a page of site. At this time, the first site is B .com, and the third site is

The function is very simple, is to write a long-term preservation of the cookie, the Code is as follows:

<% @ Page Language = "C #" autoeventwireup = "true" %> <! Doctype HTML public "-// W3C // dtd xhtml 1.0 transitional // en" ""> <SCRIPT runat = "server"> protected void page_load (Object sender, eventargs E) {httpcookie Hc = new httpcookie ("ghj", String. format ("AAAA _ {0 }_{ 1}", datetime. now, request. URL); HC. domain = ""; HC. expires = datetime. now. adddays (14); HC. path = "/"; response. cookies. add (HC); response. write ("aaaa ");} </SCRIPT> <HTML xmlns = ""> 

(Figure 2)

Note: As shown in figure 3, double-click the icon to view the following form.

(Figure 4)

We also write a page to get the cookie, the Code is as follows:

<%@ Page Language="C#" AutoEventWireup="true" %><!doctype html public "-//w3c//dtd xhtml 1.0 transitional//en" ""><script runat="server">    protected void Page_Load(object sender, EventArgs e)    {        if (Request.Cookies.AllKeys.Contains<string>("ghj"))            this.Label1.Text = Request.Cookies["ghj"].Value;        else            this.Label1.Text = "null";    }</script>

We first visit the http:// B .com/WebApp_P3P/p3p.htm; then visit the page and we will find that there is no cookie.

Similarly, we use the following methods to create cookies on a third-party website.

<SCRIPT src = ""> </SCRIPT>  <! -- No third-party website can write cookies as long as it is accessed by any third-party website. Here we only list several common methods -->

In the above demonstration, you can also perform this operation on your local machine. You only need to make the following modifications:

Run the following command notepad C:/Windows/system32/Drivers/etc/hosts to open the hosts file. Make sure that the following two lines are added to the hosts file: B .com

What if I solve this problem?

A very simple solution is to modify the file and add the following line of code in it:



This line of code is a simple p3p application. What is p3p?

P3p (Platform for privacy preferences) is a privacy protection recommendation standard published by W3C (World Wide Web Consortium. Microsoft Internet Explorer 6 (IE6) is the first browser to support this new privacy standard. Firefox does not currently support the p3p security feature. With p3p, you can set the browser to automatically detect whether a website collects personal identity information, use this information to create user files, or allow visitors to reject data collection.

A Browser With the p3p capability has some default options available for you to choose from. You can also customize your settings by answering questions (for example, which data you are willing to share and what types of cookie files you are willing to accept. When you browse the Web, the software determines whether your privacy preferences match the website's data collection practices.

Browsers with p3p capabilities will pay special attention to cookies. Cookie is a piece of text stored on your computer's hard disk. It allows web applications to respond to you in an individual way. By collecting and memorizing your preference information, web applications can modify their operating modes based on your needs, interests, and dislikes. Using a browser with p3p capabilities, you can choose whether to accept various types of cookies, such as staged (temporary), permanent, within or outside the specified domain (third-party ), and whether there are any special "p3p Compact Policy" files. The simplified p3p policy describes the attributes of a given cookie.

For the above, Internet Explorer is reflected in the setting of browser privacy in the first figure in this article. In the further settings, in figure 4, we select the site and click the summary button to view the following information:

(Figure 5) Select the site and click the summary button.

(Figure 6) Privacy Policy Adjustment window


Technically, p3p includes two components: one on the server side and the other on the client side to form a user proxy. When a user logs on to the website, the server component automatically generates an XML-based personal processing policy for the user according to the requirements of the website. This is like a public notice posted outside the shop window, the client component provides this "Public Notice" to users.

In the above example, what is the meaning of Cura ADMA Deva psao psdo our bus uni pur int DEM sta pre com nav OTC Noi DSP cor in the Privacy Policy. Fiddler is easy to know. In Fiddler, we can see the following information:

Response sets a cookie:

Set-COOKIE: ghj = aaaa_2009/11/27 15:55:56 _; domain =; expires = Fri, 11-dec-2009 07:55:56 GMT; Path =/

P3p header is present:

CP = "Cura ADMA Deva psao psdo our bus uni pur int DEM sta pre com nav OTC Noi DSP cor"

Compact Policy token is present. A trailing 'O' means opt-out, a trailing 'I' means opt-in.


Information is used to complete the activity for which it was provided.


Information may be used for the technical support of the web site and its computer system.


Information may be used to enhance, evaluate, or otherwise review the site, service, product, or market.


Information may be used to create or build a record of a particle individual or computer that is tied to a pseudo donymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. this profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals.


Information may be used to create or build a record of a particle individual or computer that is tied to a pseudo donymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. this profile will be used to determine the habits, interests, or other characteristics of individuals to make a demo-that directly affects that individual, but it will not be used to attempt to identify specific individuals.


We share information with ourselves and/or entities acting as our agents or entities for whom we are acting as an agent.


Info is retained under a service provider's stated business practices. sites must have a retention policy that establishes a destruction time table. the retention policy must be pinned in or linked from the site's human-readable privacy policy.


Non-financial identifiers, excluding government-issued identifiers, issued for purposes of consistently identifying or recognizing the individual. These include Identifiers issued by a Web site or service.


Information actively generated by the purchase of a product or service, including information about the method of payment.


Data actively generated from or reflecting explicit interactions with a service provider through its site -- such as queries to a search engine, or logs of account activity.


Data about an individual's characteristics -- such as gender, age, and income.


Mechanic ISMs for maintaining a stateful session with a user or automatically recognizing users who have visited a particle site or accessed particle content previusly -- such as HTTP cookies.


Data about an individual's likes and dislikes -- such as favorite color or musical tastes.


Information about the computer system that the individual is using to access the network -- such as the IP number, domain name, browser type or operating system.


Data passively generated by browsing the Web site -- such as which pages are visited, and how long users stay on each page.


Other types of data not captured by the above definitions.


Web site does not collected identified data.


The Privacy Policy contains disputes elements.


Errors or wrongful actions arising in connection with the privacy policy will be remedied by the Service.

Validate at:

Learn more: Id = p3pinfo

P3p this HTTP header has a lot of combinations of writing, it is very painful to write, through the following connection you can find some p3p Policy Generator software package. (Although you may find more search results on Google, it seems that only IBM's p3p Policy Editor is available for free .)



The development site (ASP. NET development server) that comes with Visual Studio does not support this function. It reports an error: this operation requires IIS integrated pipeline mode.



Use p3p to solve third-party Cookie Access Problems


IBM p3p Policy Editor


How to configure IIS to use platform for privacy preferences (p3p)


How to deploy p3p privacy policies on your web site

The (vs.85). aspx

Add a custom HTTP Response Header (IIS 7)

Http:// (ws.10). aspx

Private parameter selection platform-p3p (about cookies)


Use p3p


Use p3p header to solve IFRAME cross-origin access Cookie/session


Use p3p to pass cookie across domains


Use p3p to solve cookie cross-origin problems in IFRAME


Set the p3p header to implement cross-origin access cookie




Cookie, IFRAME, and p3p


Firefox help: Firefox's cookie options


IE session loss: IFRAME loss in IE


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.