p3p policy

[stulee]

Tweet

Does anyone have any good pointers to information about p3p policies and how they will affect affiliate sales tracking on PPC and elsewhere?

I've just been in discussion with an independent merchant and it appears my sales weren't tracking through a framed link I had to their site on a subdomain, because I didn't have a P3P policy in place.

So it got me wondering about the impact generally now that IE6 is using P3P to block some cookies.

Any wisdom and advice gratefully received!

[Paul Fellows]

I dont want to bore the other members to death so I havent posted publicly but I have PM'ed you some of our thoughts on p3p, cookies etc.

[Qui Gon Jinn]

Paul,

Could you PM me too or even stick up a thread on it.

[chrisk999]

I added a p3p policy to one of my sites back early last year, and got a link from a Japanese PR8 site as a site that had 'adopted the p3p policy'!

Good idea to set one up to allow cookies on the most restrictive privacy policies in IE.

[justnozy]

I dont want to bore the other members to death so I havent posted publicly but I have PM'ed you some of our thoughts on p3p, cookies etc.

Bore us Paul - please !

[darrenw]

Originally posted by chrisk999
I added a p3p policy to one of my sites back early last year, and got a link from a Japanese PR8 site as a site that had 'adopted the p3p policy'! Good idea to set one up to allow cookies on the most restrictive privacy policies in IE.

I've realised that I don't really know much about this topic - could someone post a link to a "how to set up a p3p policy on your website" for dummies kind of guide?

Thanks,
Darren.

[Rich]

As far as I understand it, IE by default now blocks third party cookies from being set. To keep it simple a third party cookie is a cookie set on a different domain to the one shown in the address bar.

If the third party domain has a valid P3P policy then IE will let the cookie be set (on default settings)

It shouldn't really affect affiliates as if you are framing a merchants site then it is them that needs the P3P policy (though I'm not sure if a framed page would even be classed as third party or not)

When I was runing the spyware tests, I had to set a cookie on a central domain from javascript run on other affilaites sites, so to enable that to work I had to get a P3P policy set up, but I don't think its an issue to a normal affiliate.

[taramoar]

So are you suggesting merchants should make sure we've got this?

[Supercod]

It's not a bad idea to have this in place, but very important that networks or any merchant with an Indy program has got it sorted.

[Paul Fellows]

Sorry its taken so long.

There are several components which make up the full p3p policies. The most important of these for affiliate purposes are the xml policy and the compact policy.

In order for a cookie to be accepted by a p3p compliant browser such as IE6, it must have a compact policy. At present it dosent particularly matter what is in the policy, as long as it is present the cookie will be accepted. I believe that in the future the decision on whther to accept or reject a cookie will be much more based on the preferences you have set on what the information gathered can be used for and whether it will be retained or not.

This is only important when a cookie is being set by a third party site. This occurs when the site is framed (including iframes) or when a component of the page is being called from the other site such as images. If the third party site does not have a compact policy, the cookie will be rejected and a privacy error will be shown.

The contents of the compact policy should effectively be a summary of the full policy (the xml document which is optionally referenced in the compact policy).

A few weeks ago I compared some of the networks policies (apologies to Clarke, I have not deliberately excluded POR). They all ensure that cookies are accepted but they do show some differences in what is done with the data. Theses are shown below :

buy.at/
P3P: policyref="http://www.perfiliate.com/w3c/p3p.xml", CP="NOI DSP COR PSAa PSDa OUR IND UNI"

CJ
P3P: policyref="http://www.qksrv.net/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
then:
P3P: policyref="http://www.qksrv.net/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"

TD
P3P: policyref="http://tracker.tradedoubler.com/w3c/p3p.xml",CP="NOI DSP COR NID CUR OUR NOR"

DGM2
P3P: CP="NID DSP COR"

You can see that most of them give a reference to the full policy from which the compact policy should have been generated.

The codes seem complex but are in fact fairly straightforward, e.g. NID stands for non-identifiable. If you want to see a full list, go to http://www.w3.org/TR/P3P/#compact_policies

[Marc Gear]

Awins:

P3P: policyref="http://www.awin1.com/w3c/p3p.xml" CP="OUR IND UNI NID DSP NOI COR"

[Paul Fellows]

Marc

Sorry about that, I didnt deliberately miss you out either.

Paul