-
Notifications
You must be signed in to change notification settings - Fork 0
/
p3p_platform_privacy_project_headers.txt
39 lines (34 loc) · 2.55 KB
/
p3p_platform_privacy_project_headers.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
P3P (Platform for Privacy Preferences Project) header, which was a protocol allowing websites to declare their privacy
policies in a standardized format that could be automatically processed by browsers.
This was intended to enable users to understand how websites collect and use their information
without having to read through the entire privacy policy document.
Here's a breakdown of the components of the P3P header you provided:
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml": This specifies the URL of the XML document where the site's
P3P policy is defined. For the given example, https://policies.yahoo.com/w3c/p3p.xml would be the location where Yahoo's
P3P policy is located. This XML document contains detailed information on the website's data collection practices in a
machine-readable format.
CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi ...": This is the compact policy,
a summarized version of the full P3P policy. It consists of tokens that represent different aspects of the website's
privacy practices. The tokens are abbreviations for specific privacy-related concepts and practices. Here's what some
of the tokens typically stand for:
CAO: Access is given to contact and other information.
DSP: The privacy policy is in disagreement with the policy that the service adheres to.
COR: Unspecified corrective action is available.
CUR: The data is used for completing the current activity.
ADM: The data is used for site administration.
DEV: The data is used for research and development.
TAI: The data is used for tailoring the site.
PSA: The data is used for pseudo-analysis.
PSD: The data is used for pseudo-decision.
IVAi: Information about the user's activity is collected for internal use.
IVDi: Information about the user that is not related to the user's activities is collected for internal use.
CONi: Information is collected about the user's content for internal use.
TELo: Information about the user as a telecommunications service subscriber is collected.
OTPi: Other purposes for which data is collected.
OUR: The data is shared within the organization.
DELi: Information is collected for the purpose of delivery.
SAMi: Information is collected for the purpose of site analysis and maintenance.
OTRi: Information is collected for other reasons.
UNRi: The data use is not declared.
That the P3P standard has largely been abandoned by modern web browsers and is no longer actively supported.
However, some websites might still include P3P headers for legacy reasons or to comply with specific legal requirements.