Content provided by Microsoft
As section 2.4.3 of the P3P specification states, requests for policy reference files fall into a "safe zone." The P3P specification states that the client should transmit very minimal identifying information about the user. In particular, the specification states:
User agents MAY also wish to refrain from sending user agent information or cookies accepted in a previous session on 'safe zone' requests.
Internet Explorer abides by this recommendation and does not transmit authentication credentials to a server when it performs P3P policy reference requests. However, authenticating proxy servers do not abide by the safe zone recommendation and thus reject the attempt by Internet Explorer to request a policy reference without credentials.
There is no known workaround at this time. The suggestion by the World Wide Web Consortium (W3C) to put policies in a well-known location does not apply. A proxy requires verification for any file that is requested from the remote server, regardless of location.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Steps to Reproduce Behavior
NOTE: To reproduce this behavior, Internet Explorer must direct requests through a proxy that demands user authentication.
Open Internet Explorer 6.0, and then browse to http://www.microsoft.com/. If your proxy server uses Windows NT Challenge/Response (NTLM) authentication, Internet Explorer automatically supplies your username and password; otherwise, Internet Explorer prompts you for this information.
After the page appears, click Privacy Report on the View menu.
For more information, refer to the following World Wide Web Consortium (W3C) Web site: