Default compact policy in the P3P header
WebSEAL adds a P3P header to every response in which cookies are set. The header contains a P3P Compact Policy. The policy is a sequence of terms that describe the policy regarding information contained within the cookies in the response.
The following WebSEAL configuration file entries represent the default P3P compact policy:
[p3p-header]
access = none
purpose = current
purpose = other-purpose:opt-in
recipients = ours
retention = no-retention
categories = uniqueid
The default configuration file entries result in a P3P header with the following contents:
P3P: CP="NON CUR OTPi OUR NOR UNI"
The following table explains the values in the default policy header:
Term    Definition
NON     User has no access to information either in the cookie or linked to by the cookie.
CUR     Cookie helps provide the current service. The current service is the access to the protected Web site.
OTPi    Cookie provides another service, to which the user has opted-in.
OUR     The Web site itself is the only recipient of the cookie and the information linked to by the cookie.
NOR     Neither the cookie data nor the data to which it links is retained after the user logs out or after the user session expires.
UNI     Cookie uses a unique identifier representing the user, using the session ID and the user name.
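The following added example (not WebSEAL code) shows one way to check that the P3P header a server returns still matches the [p3p-header] stanza. The function names are hypothetical, the token map covers only the values shown on this page, and the sample stanza and header are constructed from the defaults above.

```python
import re

# Token map limited to the entries documented on this page (assumption:
# any other value is reported as unmapped rather than guessed).
TOKENS = {
    ("access", "none"): "NON",
    ("purpose", "current"): "CUR",
    ("purpose", "other-purpose"): "OTP",
    ("recipients", "ours"): "OUR",
    ("retention", "no-retention"): "NOR",
    ("categories", "uniqueid"): "UNI",
}
SUFFIX = {"opt-in": "i"}  # the only qualifier shown on this page

# Constructed sample input: the default stanza and the header it produces.
STANZA = """\
[p3p-header]
access = none
purpose = current
purpose = other-purpose:opt-in
recipients = ours
retention = no-retention
categories = uniqueid
"""
HEADER = 'P3P: CP="NON CUR OTPi OUR NOR UNI"'

def expected_tokens(stanza_text):
    """Translate [p3p-header] entries into compact policy tokens, in order."""
    tokens, in_stanza = [], False
    for line in stanza_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_stanza = (line == "[p3p-header]")
            continue
        if not in_stanza or "=" not in line or line.startswith("#"):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        base, _, qualifier = value.partition(":")
        if (key, base) not in TOKENS or (qualifier and qualifier not in SUFFIX):
            raise ValueError(f"unmapped entry: {key} = {value}")
        tokens.append(TOKENS[(key, base)] + SUFFIX.get(qualifier, ""))
    return tokens

def observed_tokens(header_line):
    """Extract the compact policy tokens from a P3P response header line."""
    match = re.search(r'CP="([^"]*)"', header_line)
    return match.group(1).split() if match else []

def policy_drift(stanza_text, header_line):
    """Return (missing, unexpected) tokens; both empty means they agree."""
    want, got = expected_tokens(stanza_text), observed_tokens(header_line)
    return [t for t in want if t not in got], [t for t in got if t not in want]
```

A non-empty result from policy_drift means the header on the wire no longer reflects the configured policy, for example after a configuration change that was never reloaded.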