What are the implications of having a missing P3P file?
https://stackoverflow.com/questions/8039721
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianسؤال
I sniffed some Outbrain traffic (e.g. on CNN, find the file called "get" under "odb.outbrain.com/utils" in Chrome's network tab), and found this P3P header:
P3P:policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
The link to http://www.outbrain.com/w3c/p3p.xml returns a 404. Does this have any implications? How would browsers (IE mostly, I guess) treat a P3P header that links to a missing P3P file?
المحلول
Well, pointing to a non-existent policy file is a violation of the P3P specification, which you might consider one implication. However, popular clients (including early versions of Internet Explorer) don't actually load the full policy file or take action based on its existence or contents.
Research has shown that compact policy statements like this are common (for working around IE cookie restrictions) and very frequently don't include an actual full policy file even though one is required by the spec.
