As section 2.4.3 of the P3P specification states, requests for policy reference files fall into a "safe zone." The P3P specification states that the client should transmit very minimal identifying information about the user. In particular, the specification states:
User agents MAY also wish to refrain from sending user agent information or cookies accepted in a previous session on 'safe zone' requests.Internet Explorer abides by this recommendation and does not transmit authentication credentials to a server when it performs P3P policy reference requests. However, authenticating proxy servers do not abide by the safe zone recommendation and thus reject the attempt by Internet Explorer to request a policy reference without credentials.
There is no known workaround at this time. The suggestion by the World Wide Web Consortium (W3C) to put policies in a well-known location does not apply. A proxy requires verification for any file that is requested from the remote server, regardless of location.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Steps to Reproduce BehaviorNOTE: To reproduce this behavior, Internet Explorer must direct requests through a proxy that demands user authentication.
- Open Internet Explorer 6.0, and then browse to http://www.microsoft.com/. If your proxy server uses Windows NT Challenge/Response (NTLM) authentication, Internet Explorer automatically supplies your username and password; otherwise, Internet Explorer prompts you for this information.
- After the page appears, click Privacy Report on the View menu.
For more information, refer to the following World Wide Web Consortium (W3C) Web site:
The Platform for Privacy Preferences 1.0 (P3P1.0) SpecificationFor more information about developing Web-based solutions for Microsoft Internet Explorer, visit the following Microsoft Web sites:
Article ID: 313558 - Last Review: Jun 19, 2014 - Revision: 1