[英]Which requests should have the P3P header?
I am adding in a P3P header for privacy into a site, and was wondering if the header should be attached to HTML pages only, or to all responses (such as images, css and script)? 我正在将P3P标头添加到网站中以保护隐私,并且想知道标头应仅附加到HTML页面还是附加到所有响应(例如图像,css和脚本)?
I currently have the header attached to all responses, but wanted to confirm if this is correct? 我目前在所有回复中都附有标题,但想确认是否正确?
The P3P header should be passed back on pages that write private information, such as cookies. P3P标头应在写私有信息(如cookie)的页面上传递回来。 The header can be passed back on static resources, but I doubt IE does anything with it.
标头可以在静态资源上传递回去,但是我怀疑IE会用它做任何事情。 If you make an application-wide P3P header injection, then things should still work fine.
如果您进行应用程序范围内的P3P标头注入,那么一切仍然可以正常进行。
In my case for a Grails application in an IFRAME, I had to inject the headers early in the request cycle when the JSESSIONID was first assigned so that IE would store the cookie at the proper time. 以IFRAME中的Grails应用程序为例,我必须在第一次分配JSESSIONID时在请求周期的早期注入标头,以便IE在适当的时间存储cookie。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.