compact privacy policy

From JustHumans


A "Compact Privacy Policy" is an HTTP header that describes the privacy intentions of an organization.

For example, JustHumans.com adds the following header as a privacy policy:

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

See http://www.compactprivacypolicy.org/ for more information.

In Internet Explorer, third-party (cross-site) cookies are allowed by default if the third party sends a valid "Compact Privacy Policy". The security supplied by checking for this policy is negligible: the header is easily added to any website, and can therefore just as easily be forged. Simply because the policy is present, Internet Explorer assumes the third-party website isn't doing something malicious. That assumption supplies no actual security.
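The following added example (not part of the original page, and not Internet Explorer's actual logic) parses the header quoted above and shows that a syntax-only check returns the same verdict for any origin that sends the same string. The hostnames and the `looks_valid` check are assumptions constructed for illustration.

```python
import re

# Three uppercase letters, optionally followed by a consent suffix:
# a = always, i = opt-in, o = opt-out.
TOKEN_RE = re.compile(r"^([A-Z]{3})([aio])?$")
CP_RE = re.compile(r'CP\s*=\s*"([^"]*)"')
SUFFIX = {"a": "always", "i": "opt-in", "o": "opt-out", None: None}

def parse_compact_policy(header_value):
    """Return (token, consent) pairs from a P3P header value, or None
    if there is no CP="..." part or any token is malformed."""
    match = CP_RE.search(header_value)
    if not match:
        return None
    parsed = []
    for raw in match.group(1).split():
        tok = TOKEN_RE.match(raw)
        if not tok:
            return None
        parsed.append((tok.group(1), SUFFIX[tok.group(2)]))
    return parsed or None

def looks_valid(headers):
    """Hypothetical stand-in for a 'has a valid compact policy' check.
    It can only inspect the string the server chose to send."""
    value = next((v for k, v in headers.items() if k.lower() == "p3p"), None)
    return value is not None and parse_compact_policy(value) is not None

# Header value quoted on this page.
PAGE_CP = ('CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo '
           'OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"')

# Constructed responses: unrelated origins, two of them sending the same bytes.
RESPONSES = {
    "site-a.example": {"P3P": PAGE_CP},
    "site-b.example": {"p3p": PAGE_CP},            # copied verbatim
    "site-c.example": {"P3P": 'CP="not a policy"'},
    "site-d.example": {"Content-Type": "text/html"},
}

def audit(responses):
    """Map each origin to the verdict of the syntax-only check."""
    return {origin: looks_valid(h) for origin, h in responses.items()}

if __name__ == "__main__":
    for origin, ok in audit(RESPONSES).items():
        print(f"{origin}: passes syntax-only check = {ok}")
```

Nothing in the header binds the declared policy to the sender or to its real behaviour, so the check cannot tell site-a from site-b.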
