What is P3P?
P3P (Platform for Privacy Preferences) is a publicly published recommended standard for protecting users' privacy. The idea of the P3P standard is that a web site's privacy policy should tell visitors what types of information the site collects, to whom that information will be provided, how long it will be retained, and how the information is used. For example, a site should make statements such as "This site will monitor the pages you visit to improve site usage" or "This site will provide you with the best possible advertising". Users who visit a site that supports P3P have the right to view the site's privacy report and then decide whether to accept cookies or use the site.
Implementing cross-domain with P3P
Unlike JS cross-domain, IFRAME cross-domain and other common approaches, this method achieves cross-domain access by sending P3P header information.
PHP using the P3P protocol
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
JS using the P3P protocol
xmlhttp.setRequestHeader("P3P", 'CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
ASP.NET using the P3P protocol
HttpContext.Current.Response.AddHeader("P3P", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
JSP using the P3P protocol
response.addHeader("P3P", "CP=IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT");
Policy Description
(http://www.w3.org/2002/04/P3Pv1-header.html)
compact-policy-field = `CP="` compact-policy `"`
compact-policy = compact-token *(" " compact-token)
compact-token = compact-access |
                compact-disputes |
                compact-remedies |
                compact-non-identifiable |
                compact-purpose |
                compact-recipient |
                compact-retention |
                compact-categories |
                compact-test
compact-access = "NOI" | "ALL" | "CAO" | "IDC" | "OTI" | "NON"
compact-disputes = "DSP"
compact-remedies = "COR" | "MON" | "LAW"
compact-non-identifiable = "NID"
compact-purpose = "CUR" | "ADM" [creq] | "DEV" [creq] | "TAI" [creq] |
                  "PSA" [creq] | "PSD" [creq] | "IVA" [creq] | "IVD" [creq] |
                  "CON" [creq] | "HIS" [creq] | "TEL" [creq] | "OTP" [creq]
creq = "a" | "i" | "o"
compact-recipient = "OUR" | "DEL" [creq] | "SAM" [creq] | "UNR" [creq] |
                    "PUB" [creq] | "OTR" [creq]
compact-retention = "NOR" | "STP" | "LEG" | "BUS" | "IND"
compact-category = "PHY" | "ONL" | "UNI" | "PUR" | "FIN" | "COM" |
                   "NAV" | "INT" | "DEM" | "CNT" | "STA" | "POL" |
                   "HEA" | "PRE" | "LOC" | "GOV" | "OTC"
compact-test = "TST"
Compact Policy
A commonly used compact policy for the P3P header is: P3P: CP=CAO PSA OUR
The simplest notation is P3P: CP=.
compact-access (access): CAO (contact-and-other) allows third-party cookies to be read and written.
compact-purpose (purpose): PSA (pseudo-analysis). The purpose is authentication and analysis.
compact-recipient (recipient): OUR (ours) declares who uses the relevant information; OUR means the third party itself.
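The grammar in the Policy Description section can be checked mechanically. The following Python sketch is an added example, not code from the original page; the function name parse_compact_policy and the sample header values are constructed for illustration. It groups each token of a CP field by grammar rule and lists the tokens the grammar rejects.

```python
import re

# Token tables transcribed from the compact-policy grammar on this page.
FIXED = {
    "access": "NOI ALL CAO IDC OTI NON",
    "disputes": "DSP",
    "remedies": "COR MON LAW",
    "non-identifiable": "NID",
    "purpose": "CUR",
    "recipient": "OUR",
    "retention": "NOR STP LEG BUS IND",
    "category": "PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV OTC",
    "test": "TST",
}
# These tokens may carry an optional creq suffix: "a" | "i" | "o".
WITH_CREQ = {
    "purpose": "ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OTP",
    "recipient": "DEL SAM UNR PUB OTR",
}
KIND = {tok: (kind, False) for kind, toks in FIXED.items() for tok in toks.split()}
KIND.update({tok: (kind, True) for kind, toks in WITH_CREQ.items() for tok in toks.split()})

CP_FIELD = re.compile(r'\bCP\s*=\s*(?:"([^"]*)"|([^,;]*))', re.IGNORECASE)


def parse_compact_policy(header_value):
    """Return (tokens grouped by grammar rule, tokens the grammar rejects)."""
    match = CP_FIELD.search(header_value)
    if match is None:
        raise ValueError("no CP field in P3P header value")
    body = match.group(1) if match.group(1) is not None else match.group(2)
    grouped, rejected = {}, []
    for token in body.split():
        kind, takes_creq = KIND.get(token[:3], (None, False))
        suffix = token[3:]
        if kind and (suffix == "" or (takes_creq and suffix in ("a", "i", "o"))):
            grouped.setdefault(kind, []).append(token)
        else:
            rejected.append(token)
    return grouped, rejected


if __name__ == "__main__":
    # Constructed sample values: the page's common policy, its empty form, a mistyped one.
    for value in ('CP="CAO PSA OUR"', "CP=", 'CP="CURa psdo OUR DEVi"'):
        print(value, "->", parse_compact_policy(value))
```

Run on the value from the PHP example above, it rejects only CURa, because the grammar gives CUR no creq suffix.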
Browser Support Scenarios
Browser | Allows third-party cookies by default | Supports P3P | Effect of configuring a P3P compact policy header when third-party cookies are disabled |
IE6 | No | Yes | HTTP can read and write cookies; JS can read cookies. On the first load, when the P3P header is first read, JS has no permission to write cookies. The second time it works (the second load comes directly from cache), unless the first load is not cached and the P3P header is read; I'll mention the solution later. JS writes should be avoided. |
IE7-IE9 | No | Yes | HTTP and JS can both read and write freely. |
FireFox | Yes | No | Neither HTTP nor JS can write. |
Chrome | Yes | Partially supported; trend: no | The trend is that HTTP and JS can read but not write. |
Safari | No | No | HTTP and JS can read but not write. A form submitted via POST can be used for write operations. |
Opera | Yes | No | JS can read and write; HTTP can read but not write. |
Related information: http://www.w3.org/P3P/