
Setting up an e-commerce privacy policy

Dr. Internet By Steve Blass, Network World
June 16, 2003 12:02 AM ET

Some newer browsers block our e-commerce site's cookies because we don't have a compact privacy policy. How do we implement one?

Compact privacy policies are part of the World Wide Web Consortium's Platform for Privacy Preferences (P3P) specification.

In P3P 1.0, compact policies describe privacy policies for cookies through additional HTTP headers sent to the browser along with the cookies. P3P headers point to the URL of the site's P3P Policy Reference file and deliver the compact privacy policy as a space-delimited string of tokens. Both can be sent in one header. P3P headers should be sent before Set-Cookie headers.

To implement compact policies, you need a P3P Policy file, a P3P Policy Reference file, and the ability to serve P3P headers to browser clients. The Policy and Policy Reference files are machine-readable XML files. See this site for links to P3P Policy Generators.

Methods to add a P3P header before your Set-Cookie headers can vary. The headers should resemble the following:

P3P: policyref="/w3c/p3p.xml"
P3P: CP="ALL DSP COR CURa ADMa OUR NOR IND UNI COM NAV INT"

The XML files can reside on a different server. The P3P headers must be sent by the server that sets the cookies.
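One way to place the header and to check a response for it, as an added example that is not from the original column: it assumes response headers are held as an ordered list of (name, value) pairs, and the function names with_p3p and check are hypothetical. The policy reference and tokens are the ones in the sample headers above, combined into one header.

```python
import re

# Values taken from the column's sample headers.
POLICYREF = "/w3c/p3p.xml"
COMPACT_POLICY = "ALL DSP COR CURa ADMa OUR NOR IND UNI COM NAV INT"


def p3p_header(policyref=POLICYREF, cp=COMPACT_POLICY):
    """Build one P3P header carrying both the policy reference and the CP."""
    return ("P3P", 'policyref="%s", CP="%s"' % (policyref, cp))


def with_p3p(headers):
    """Place a single P3P header ahead of the first Set-Cookie header.

    Responses that set no cookie are returned unchanged.
    """
    kept = [(n, v) for n, v in headers if n.lower() != "p3p"]
    for i, (name, _) in enumerate(kept):
        if name.lower() == "set-cookie":
            return kept[:i] + [p3p_header()] + kept[i:]
    return list(headers)


def check(headers):
    """List problems with how a cookie-setting response sends its policy."""
    names = [n.lower() for n, _ in headers]
    if "set-cookie" not in names:
        return []
    p3p_at = [i for i, n in enumerate(names) if n == "p3p"]
    if not p3p_at:
        return ["cookie set without a P3P header"]
    problems = []
    value = ", ".join(headers[i][1] for i in p3p_at)
    match = re.search(r'CP="([^"]*)"', value, re.I)
    if not match or not match.group(1).split():
        problems.append("P3P header has no compact policy (CP) tokens")
    if max(p3p_at) > names.index("set-cookie"):
        problems.append("P3P header is sent after Set-Cookie")
    return problems


# Constructed sample response headers, not captured from a real site.
SAMPLE = [("Content-Type", "text/html"), ("Set-Cookie", "cart=1; Path=/")]

if __name__ == "__main__":
    print(check(SAMPLE))            # before: the cookie has no policy
    print(with_p3p(SAMPLE))         # after: P3P precedes Set-Cookie
    print(check(with_p3p(SAMPLE)))  # no problems left
```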
