Privacy Templates

4/8/2010

A privacy template is a set of P3P policy restrictions that is used to determine whether a cookie should be accepted, rejected, downgraded, or leashed.

For more information about the P3P project, see the Platform for Privacy Preferences (P3P) Project specification at this official W3C Web site.

The following code example shows the syntax for creating a privacy template.

privacy template:
  signature rules
  signature:
    IE6-P3PV1/settings:
  rules:
    meta rule
    P3P acronym rule
    rules

Note

All tokens, P3P acronyms, and string literals are in Unicode format.

Cookie actions determine how to handle cookies. The valid values are defined in the InternetCookieState enumeration.

| Cookie action | Description |
|---|---|
| Accept | Accept the cookie. The cookie is stored in the persistent cache and is sent on future requests to download content from the site that set the cookie. |
| Prompt | Prompt the user to decide whether to accept or reject the cookie. |
| Block | Reject the cookie. The cookie is not stored and therefore will not be sent to the site on future requests. |

P3P Acronym Rule

The following code example shows the P3P acronym rule syntax.

P3P acronym rule:
  P3P acronym =cookie action
   / P3P acronym pattern= cookie action/

The P3P acronym pattern syntax is as follows.

P3P acronym pattern:
  P3P acronym
  !P3P acronym
  P3P acronym& P3P acronym pattern
  !P3P acronym& P3P acronym pattern

The following code example shows the P3P acronym syntax.

P3P acronym:
  purposes
  recipients
  retention
  categories
  non-identifiable
  disputes section
  access
  dispute resolution
  policy is test-version

For more information about P3P acronyms, see the P3P project specification.

Meta Rule

The following code example shows the meta rule syntax.

meta rule:
  nopolicy=cookie action
  ###=cookie action
  always=cookie action
  %%%=cookie action
  session=cookie action

Special rules are specified using the nopolicy, session, and always symbols. The nopolicy symbol is used to specify the action to be taken when there is no compact policy. For example, nopolicy=d specifies to downgrade all cookies without a compact policy to session cookies. The session symbol is used to specify the action to take on session cookies and can only be set to a. When session=a is specified, all session cookies are accepted regardless of the content of the compact policy. If this rule is not specified, session cookies are subject to the same rules as persistent cookies. Finally, the always symbol is used to specify that the same action be performed for everything. For example, always=d specifies that all cookies be denied regardless of the existence of a compact policy.

Decision defines the action to take on a cookie for which the compact policy contains a specified token. It is a single lowercase character — a, p, l, d, or r — that corresponds to a cookie action. The following table shows the possible decision values with a description of the purpose of each.

| Decision | Description |
|---|---|
| a | Accept the cookie. The cookie is stored in the persistent cache and is sent on future requests to download content from the site that set the cookie. |
| p | Prompt the user for a decision on whether to accept or reject the cookie. |
| l | Leash the cookie. The cookie is accepted but it is sent only on requests to download first-party content. When requests are made for third-party content, the cookie is not sent. |
| d | Downgrade the cookie. Accepts the cookie but it is not stored persistently. This means that the cookie is deleted when the browsing session ends or the cookie expires, whichever comes first. |
| r | Reject the cookie. The cookie is not stored and therefore will not be sent to the site on future requests. |

The following list describes how cookies are handled in a given scenario.

  • If the privacy template contains the meta rule always=cookie action or %%%=cookie action, then the decision is the same as the cookie action.

  • If the P3P header is missing or contains an invalid compact policy, then the decision is the same as the cookie action for templates that contain the meta rule nopolicy=cookie action or ###=cookie action. Otherwise, by default, the decision is r.

  • If the compact policy matches the P3P acronym rule, then the decision is the same as the cookie action for that rule. If the policy matches more than one rule, then the decision is the cookie action with the highest precedence. If the compact policy does not match the P3P acronym rule, then the decision is a.

    Note

    The compact policy matches the P3P acronym rule if it contains all P3P acronyms specified by the rule and does not contain acronyms prefixed with ! (NOT token).

    The precedence order of decision is a, p, l, d, and r, where a has the lowest precedence and r has the highest precedence.

  • If the privacy template contains the session=a meta rule, then session cookies are always accepted and the P3P policy is not evaluated. Otherwise, session cookies are treated in the same manner as persistent cookies.
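
The decision procedure in the list above, written out as an added Python example (not code from WinInet or from this page). It assumes rules are passed as separate strings, that acronyms are compared as exact strings, and that an always rule is checked before session=a; the rule strings and acronyms in SAMPLE_RULES are constructed sample values.

```python
PRECEDENCE = "apldr"  # lowest to highest precedence, as stated on the page
META = {"always": "always", "%%%": "always",
        "nopolicy": "nopolicy", "###": "nopolicy", "session": "session"}

# Constructed sample rules (not taken from a real template).
SAMPLE_RULES = ["nopolicy=d", "session=a", "/TAI&!PSA=r/", "CON=p"]

def parse_rules(rules):
    """Split rule strings into meta rules and P3P acronym pattern rules."""
    meta, patterns = {}, []
    for rule in rules:
        lhs, _, action = rule.strip().strip("/").partition("=")
        lhs, action = lhs.strip(), action.strip()
        if len(action) != 1 or action not in PRECEDENCE:
            raise ValueError(f"bad cookie action in rule {rule!r}")
        if lhs in META:
            if META[lhs] == "session" and action != "a":
                raise ValueError("session can only be set to a")
            meta[META[lhs]] = action
            continue
        required, forbidden = set(), set()
        for term in lhs.split("&"):
            term = term.strip()
            # A leading ! is the NOT token: the acronym must be absent.
            (forbidden if term.startswith("!") else required).add(term.lstrip("!"))
        patterns.append((required, forbidden, action))
    return meta, patterns

def decide(rules, compact_policy, session_cookie=False):
    """Return the decision character (a, p, l, d or r) for one cookie.

    compact_policy is a set of acronyms, or None when the P3P header is
    missing or carries an invalid compact policy.
    """
    meta, patterns = parse_rules(rules)
    if "always" in meta:                      # assumption: checked first
        return meta["always"]
    if session_cookie and meta.get("session") == "a":
        return "a"                            # policy is not evaluated
    if compact_policy is None:
        return meta.get("nopolicy", "r")      # default without a rule is r
    hits = [action for required, forbidden, action in patterns
            if required <= compact_policy and not (forbidden & compact_policy)]
    # Several matching rules: the highest-precedence action wins.
    return max(hits, key=PRECEDENCE.index) if hits else "a"
```

A compact policy that matches no acronym rule yields a, so a template with no acronym rules accepts every cookie that presents any valid compact policy.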

Custom and Advanced Templates

The user can apply advanced privacy settings by selecting options from the Advanced Privacy Settings dialog box in the Internet Options dialog box. These settings are stored in the registry. The privacy values in the registry can be configured so that the advanced templates can be distinguished from the custom templates. Custom templates can be stored by applications by using the Privacy Functions.

For more information about the registry key value to set, see Privacy Settings in WinInet Registry Settings.

See Also

Concepts

Platform for Privacy Preferences (P3P)
Specifying Privacy Settings

Other Resources

WinInet Application Development