I need to implement a P3P policy on my site and was wondering if anyone is fluent in this or could walk me through some issues with it?
I've found an on-line P3P policy generator that works pretty well but I get some errors so it's not like I need someone to do it for me but rather that I need to ask some questions for troubleshooting some issues.
What do you think?
Thanks!
Step 1-3: Policy URI check
/w3c/p3p.xml has some warnings or errors.
Error: The target document does NOT include an appropriate element for the P3P policy indicated at line 4
The error was not in /w3c/p3p.xml, but rather in the file it references - /w3c/Privacy.xml.
I tried to open that file and the browser crashed with an error stating:
Whitespace is not allowed at this location. Error processing resource 'http://www.example.com/w3c/Privacy.xml'. Line 26, ...For instance, web server log files are generated & analyzed to determine what geographic region visitors are coming from...
I guess there is a bug in the P3P generator and it forgot to escape the ampersand (...generated & analyzed...). Since it's XML, you need to escape all the special characters. So you should write & as &amp;
Step 2: HTTP Protocol Validation ( HTTP headers )
HTTP headers have no P3P: header.
That's not an error. HTTP headers are optional.
Step 3: HTML File Validation
HTML document has no P3P compliant link tags.
Message: No valid P3P compliant <link> element.
From what I understand from w3c specs [w3.org] that part is also optional if you place the policy files in a "well known location", which I guess means a "default location".
A quote from w3c specs:
Place the policy reference file in the location selected. This will either be in the well-known location, if using that deployment method, or the location given by the P3P header, or the location given in the HTML <link> tag which points to the policy reference file.
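An added example, not part of the original thread: a Python check that reports where a policy file stops being well-formed XML, lists every unescaped `&`, and escapes them. The function names and the sample policy are constructed for illustration; the sample is a minimal fragment, not a complete P3P policy.

```python
import re
import xml.etree.ElementTree as ET

# '&' is legal in XML text only as the start of a reference (&amp;, &#38;, &#x26;).
# Heuristic: CDATA sections and comments are not special-cased.
BARE_AMP = re.compile(r"&(?![A-Za-z_:][\w.:-]*;|#[0-9]+;|#x[0-9A-Fa-f]+;)")

# Constructed sample: one bare '&' and one correctly escaped '&amp;' on line 5.
SAMPLE_POLICY = """<?xml version="1.0"?>
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY name="policy1" discuri="http://www.example.com/privacy.html">
    <STATEMENT>
      <CONSEQUENCE>Log files are generated & analyzed; see Terms &amp; Conditions.</CONSEQUENCE>
    </STATEMENT>
  </POLICY>
</POLICIES>
"""


def well_formed_error(xml_text):
    """Return (line, column, message) for the first parse error, or None."""
    try:
        ET.fromstring(xml_text)
    except ET.ParseError as exc:
        line, column = exc.position
        return line, column, str(exc)
    return None


def find_bare_ampersands(xml_text):
    """Return 1-based (line, column) of each '&' that does not start a reference."""
    hits = []
    for lineno, line in enumerate(xml_text.splitlines(), start=1):
        hits.extend((lineno, m.start() + 1) for m in BARE_AMP.finditer(line))
    return hits


def escape_bare_ampersands(xml_text):
    """Escape only the bare ampersands, leaving existing references untouched."""
    return BARE_AMP.sub("&amp;", xml_text)


if __name__ == "__main__":
    print("parse error:", well_formed_error(SAMPLE_POLICY))
    print("bare '&' at:", find_bare_ampersands(SAMPLE_POLICY))
    fixed = escape_bare_ampersands(SAMPLE_POLICY)
    print("after escaping:", well_formed_error(fixed) or "well-formed")
```

Escaping only the bare ampersands matters when a file has already been partly fixed by hand: a blanket replace would turn an existing `&amp;` into `&amp;amp;`.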
Thanks for the reply! I lost track of this thread because it disappeared for a while. I tried to find it over a couple of days but it was under review so I finally concluded it must have been deleted...but here it is :-)
I edited the Privacy.html file and changed the & to &amp; but it still coughs with the same error. Also, if I access it manually like you did I get the same error.
Any ideas before I try and address the other things you mentioned?
The good news is that it now completes the validation! Thanks guys - that makes me feel a lot better.
I'd like to have as many of the optional steps enabled as possible. With regard to:
HTTP headers have no P3P: header.
My question would be, can I use these headers (I don't even know what they are) if I am on a shared server with a generic host - or does that make it impossible?
But as I said - it's really optional. I doubt there are any applications out there that would take a note of such headers. Your best bet is <link> tag in the <head> section of the HTML file.
I took a look through those links above to see how to implement the links tag in the HTML file but I don't really understand it - nor could I find info on it.
Does this mean I need to modify all my html files with a piece of code? If so, what would that code be?
Sorry for all the dumb questions but I'm not that smart about this whole P3P deal. All I know is that I need my site to tell IE to accept 3rd party cookies - and that's just part of the equation for me.
I think I got it! Both my site and the system that issues tracking cookies pass the P3P validation - and not only that but I tested it myself and unless I have IE set to the very highest security setting I receive the cookies.
It'll actually work right to the second highest setting (the highest blocks all cookies no matter what).
Thanks VERY much for your help - I couldn't have done it without it :-)
Best & Thanks;
Marvin