简体繁体 English

哪些请求应具有P3P标头？

[英]Which requests should have the P3P header?

原文 2012-12-20 07:24:48 2 1 privacy/ p3p

I am adding in a P3P header for privacy into a site, and was wondering if the header should be attached to HTML pages only, or to all responses (such as images, css and script)? 我正在将P3P标头添加到网站中以保护隐私，并且想知道标头应仅附加到HTML页面还是附加到所有响应（例如图像，css和脚本）？

I currently have the header attached to all responses, but wanted to confirm if this is correct? 我目前在所有回复中都附有标题，但想确认是否正确？

1 个解决方案

The P3P header should be passed back on pages that write private information, such as cookies. P3P标头应在写私有信息（如cookie）的页面上传递回来。 The header can be passed back on static resources, but I doubt IE does anything with it. 标头可以在静态资源上传递回去，但是我怀疑IE会用它做任何事情。 If you make an application-wide P3P header injection, then things should still work fine. 如果您进行应用程序范围内的P3P标头注入，那么一切仍然可以正常进行。

In my case for a Grails application in an IFRAME, I had to inject the headers early in the request cycle when the JSESSIONID was first assigned so that IE would store the cookie at the proper time. 以IFRAME中的Grails应用程序为例，我必须在第一次分配JSESSIONID时在请求周期的早期注入标头，以便IE在适当的时间存储cookie。

丢失P3P文件有什么含义？ - What are the implications of having a missing P3P file?

Tomcat上的土耳其urlrewrite过滤器不会设置P3P - Turkey urlrewrite filter on Tomcat will not set P3P

如果我使用自动错误报告，我必须从我的软件用户那里获得哪些许可？ - Which permission do I have to get from users of my software if I use automatic bug reporting?

有没有办法知道哪些应用程序跟踪用户？ - Is there a way to know which applications track users?

在用户必须重置密码之前，应该有多少次拒绝的登录？ - How many rejected logins should there be before a user has to reset their password?

如何确定哪个应用程序正在logcat的哪一行记录日志？ - How do I determine which app is logging what line on logcat?

可以收集哪些关于“网站第三方”的信息？ - Which kind of information can be collect about “website third parties”?

kamailio隐私标题和取消 - kamailio Privacy header and CANCEL

App Store Connect 中的 Apple App Privacy 应该如何填写？ - How should I fill out the Apple App Privacy in App Store Connect?

哪个博客软件管理多种语言的帖子，模块化隐私和自定义RSS联合组织？ - which blog software manages multiple language posts, modular privacy, and custom RSS syndication?

暂无

暂无

声明:本站的技术帖子网页，遵循CC BY-SA 4.0协议，如果您需要转载，请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 丢失P3P文件有什么含义？ - What are the implications of having a missing P3P file? Tomcat上的土耳其urlrewrite过滤器不会设置P3P - Turkey urlrewrite filter on Tomcat will not set P3P 如果我使用自动错误报告，我必须从我的软件用户那里获得哪些许可？ - Which permission do I have to get from users of my software if I use automatic bug reporting? 有没有办法知道哪些应用程序跟踪用户？ - Is there a way to know which applications track users? 在用户必须重置密码之前，应该有多少次拒绝的登录？ - How many rejected logins should there be before a user has to reset their password? 如何确定哪个应用程序正在logcat的哪一行记录日志？ - How do I determine which app is logging what line on logcat? 可以收集哪些关于“网站第三方”的信息？ - Which kind of information can be collect about “website third parties”? kamailio隐私标题和取消 - kamailio Privacy header and CANCEL App Store Connect 中的 Apple App Privacy 应该如何填写？ - How should I fill out the Apple App Privacy in App Store Connect? 哪个博客软件管理多种语言的帖子，模块化隐私和自定义RSS联合组织？ - which blog software manages multiple language posts, modular privacy, and custom RSS syndication?

相关标签

粤ICP备18138465号 © 2020-2024 STACKOOM.COM