How to implement P3P?



ricks99
06-30-2006, 05:18 AM
I've created a P3P.XML (privacy policy) for my site. I >THOUGHT< I had configured it properly:

<link rel="P3Pv1" href="w3c/p3p.xml" />

However, when I try to validate the P3P policy, I get the following error:

HTTP headers have no P3P: header.

Is there something I have to configure on the server side to send the header properly?

Tx

-R

ricks99
07-03-2006, 11:04 AM
Has ANYONE successfully implemented a p3p policy compact on their webhost?

troy
07-03-2006, 11:26 AM
Let's see if I can get this right.

When website owners are told they need to add P3P headers to a web page, they just scratch their head and say "What is that?"

How P3P Headers really work
P3P Headers deliver the compact policy to the browser. Also included in the response headers are the cookies that are being delivered to the page. The reason the policy is delivered is so the browser knows actions to take based on the browser privacy settings.

HTTP headers can be added to a page two different ways. The first is that you can modify server files to deliver the header information to either selected pages or all pages. The second way is to use a programming language such as asp, php, perl, cold fusion etc.

To add the P3P Header using a programming language, you have to ensure it is delivered before any HTML statements. The following is an example of what the web page coding will look like if you use a programming language:


<?Programming Code that adds the header information?>
<HTML>
<HEAD>
<TITLE>MyPage</TITLE>
</HEAD>
<BODY>
Information
</BODY>
</HTML>

"META HTTP-EQUIV" is an HTML tag that was designed to allow you to add headers to a page. The theory is that you could add the following HTML code to your document:
<META HTTP-EQUIV="Author" CONTENT="P3Pwriter">

The browser would then make the headers look like this:
HTTP/1.1 200 OK
Date: Wed, 11 Oct 2003 01:11:50 GMT
Server: Apache/1.2.0
Last-Modified: Fri, 01 Jun 2003 11:16:44 GMT
ETag: "31f9e-620-44ca89c1"
Content-Length: 3112
Accept-Ranges: bytes
Author: P3Pwriter
Connection: close
Content-Type: text/html


Hope this helps

ricks99
07-04-2006, 10:15 AM
Thanks Troy, but I'm afraid I'm still having problems.

Currently, when I attempt to validate my P3P policy (http://validator.w3.org/p3p/20020128/p3p.pl?uri=www.keycontent.org%2F), I fail the HTTP Protocol Validation. Everything else seems to be OK. IE correctly reports the privacy information.

I'm unsure about the <meta> tag you suggested... I already have an "author" in my header information.

The P3P spec (http://www.w3.org/TR/p3pdeployment#Using_HTTP_Headers) says I can deploy my P3P policy via a <link> tag, which I am doing, so I'm not sure what I'm missing.

Thanks,
-R

troy
07-04-2006, 10:30 AM
Try putting the link tag within the head tag.

ricks99
07-05-2006, 03:59 AM
I already have included the necessary <link> statement. The validation report indicates that p3p.xml can be accessed and that it is correct. The only problem I'm having is with the HTTP Protocol Validation.

Tx

-R

lazynitwit
07-05-2006, 11:04 AM
> I already have included the necessary <link> statement. The validation report indicates that p3p.xml can be accessed and that it is correct. The only problem I'm having is with the HTTP Protocol Validation.
>
> Tx
>
> -R

This is because the web server is not going to send the P3P: header to the browser. It should really be unimportant as you already have the file in the standard place, and the link tag in place. I would suggest you simply ignore the Protocol failure part as you have the secondary method implemented.

ricks99
07-06-2006, 04:43 AM
Hmm.. when in doubt, ignore the error, eh? :rolleyes:

So this appears to be an error on the part of the validator (not taking into account secondary implementation methods?). Thanks for the help.

-R
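
Added example, not part of the original thread: a Python check that reports which of the P3P deployment methods discussed above (the `P3P:` response header and the `<link rel="P3Pv1">` tag) a raw HTTP response carries. The first sample reproduces the condition behind the validator message "HTTP headers have no P3P: header."; the sample responses, the compact-policy tokens and the name `p3p_report` are constructed for illustration.

```python
import re
from email.parser import Parser
from html.parser import HTMLParser

# Constructed sample responses (not captured from the site in the thread).
LINK_ONLY = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<html><head><link rel="P3Pv1" href="w3c/p3p.xml" /></head>'
    "<body>Information</body></html>"
)
# Same page, with the server also sending a P3P header (constructed values).
WITH_HEADER = LINK_ONLY.replace(
    "Content-Type:",
    'P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR"\r\nContent-Type:',
)


class _LinkFinder(HTMLParser):
    """Collects href values of <link rel="P3Pv1"> tags."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and (a.get("rel") or "").lower() == "p3pv1":
            self.hrefs.append(a.get("href"))


def p3p_report(raw_response):
    """Report which P3P deployment methods a raw HTTP response uses."""
    head, _, body = raw_response.partition("\r\n\r\n")
    _status, _, header_block = head.partition("\r\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    p3p = headers.get("P3P")  # header name lookup is case-insensitive
    pairs = re.findall(r'(policyref|CP)\s*=\s*"([^"]*)"', p3p or "", re.I)
    fields = {name.lower(): value for name, value in pairs}
    finder = _LinkFinder()
    finder.feed(body)
    return {
        "header": p3p is not None,
        "policyref": fields.get("policyref"),
        "compact_policy": fields.get("cp", "").split(),
        "link_hrefs": finder.hrefs,
    }
```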