How to configure IIS to use Platform for Privacy Preferences (P3P)

We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:For more information about IIS 7.0, visit the following Microsoft Web site:

Summary

This step-by-step article describes how to configure your Internet Information Services (IIS) Web site to support Platform for Privacy Preferences (P3P). You can view privacy policy information by using Microsoft Internet Explorer 6.0 or later versions.

NOTE: To follow the steps in this article, you must already have the following:

  • Full privacy policy for the site in an XML file, according to the P3P specification.
  • A policy reference file in XML format with a file name of P3p.xml, according to the P3P specification. This policy reference file must refer to the full privacy policy for your Web site.
  • The compact codes for the privacy policy, to be added as mini headers.
For more information about how to create the full privacy policy, policy reference, and compact codes, visit the following World Wide Web site:



For more information about full privacy policy, policy reference, and compact codes, visit the following Microsoft Developer Network (MSDN) Web site:
NOTE: Based on your privacy policy, the compact codes for your Web site may be different from the example in this article.

Configure P3P headers on an IIS Web site

For more information about how to create custom headers in IIS 7.0, visit the following Microsoft Web site:
  1. Click Start, point to Programs, click Administrative Tools, and then click Internet Services Manager to open the Internet Services Manager (ISM).
  2. Select the Web site on which you want to implement P3P.
  3. Right-click the Web site, and then click Properties.
  4. In the Web site property sheet, click the HTTP Headers tab.
  5. In the Custom HTTP Headers box, click Add.
  6. In the Custom Header Name text box, type p3p.
  7. In the Custom Header Value text box, add your compact codes. For example, to have the following mini header for your site
     P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
    type the following in the Custom Header Value text box:
    CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
  8. Click OK two times.
  9. Open Windows Explorer, and then select the content folder for the site. For the default Web site in a default installation of IIS, select C:\Inetpub\Wwwroot.
  10. Create a new folder and name it W3c.
  11. Copy the policy reference file (P3p.xml) to the W3c folder.
  12. Copy the full privacy policy file to the designated folder, as coded in the policy reference file.

Troubleshooting

To make sure that the privacy report is served by IIS, follow these steps:
  1. Open Internet Explorer 6.0 or later.
  2. Locate the site.
  3. On the View menu, click Privacy Report.
  4. Select your site from the list.
  5. Click Summary to view the privacy report. If P3P is configured correctly, you can see the full privacy report. If you receive the following error, P3P configuration was not successful:
    Could not find a privacy policy for http://sitename. To view this site's privacy policy, contact the Web site directly.
  6. When you are finished viewing the report, click OK, and then click Close.
Proprietăți

ID articol: 324013 - Ultima examinare: 15 aug. 2008 - Revizie: 1

Feedback