Exportar (0) Imprimir
Expandir Tudo
EN
Este conteúdo não está disponível em seu idioma, mas aqui está a versão em inglês.

How to Create a Customized Privacy Import File

Customized privacy settings can be imported into Windows Internet Explorer using the XML syntax described in this overview.

Customizing the Internet Explorer Privacy Settings

Privacy settings specify how Internet Explorer handles cookies. Internet Explorer makes decisions on cookies based on a number of factors including user preferences and the existence and content of a Web service's privacy policy. For most users, Microsoft Internet Explorer 6 default privacy settings provides enough privacy protection without disrupting the browsing process. However, privacy settings can be customized through a variety of dialog boxes reachable from the Privacy tab in Internet Options on the Tools menu. Additionally, if the user chooses, privacy settings can be specified by importing custom settings using the XML syntax described in this overview. This is the only way that a user or Web service can directly specify rules for interpreting and acting on a cookie's compact policy.

Note  This article assumes a familiarity with the Platform for Privacy Preferences (P3P) standard and the privacy features of Internet Explorer. Consult Privacy in Internet Explorer 6 to learn more about the privacy features in Internet Explorer. The Internet Explorer privacy features are based upon standards being designed by the World Wide Web Consortium (W3C). For a description of compact policies and definitions of the compact policy tokens, see the W3C: Platform for Privacy Preferences (P3P) Project specification.

What follows is a brief discussion of how to create a custom privacy settings import file. For detailed descriptions of the custom privacy policy XML elements, see XML Elements for Custom Privacy Import Files.

MSIEPrivacy

The MSIEPrivacy element is the XML document root, the outermost element of a custom privacy policy. Underneath this element are two optional children, MSIEPrivacySettings and MSIESiteRules. MSIEPrivacySettings is used to specify default actions on cookies, and MSIESiteRules specifies actions on a per-site basis.

The following example shows the basic XML structure of a custom privacy settings file. The formatVersion attribute is required and specifies the version of Internet Explorer to which these rules apply.

Note  For Internet Explorer 6, the MSIESiteRules must be set to 6 and not 6.0. Comments are also not allowed in the custom privacy settings file.


<MSIEPrivacy>
<MSIEPrivacySettings formatVersion="6">
 ... child elements ...
</MSIEPrivacySettings>
<MSIESiteRules formatVersion="6">
 ... child elements ...
</MSIESiteRules>
</MSIEPrivacy>


MSIEPrivacySettings

The content of the MSIEPrivacySettings specifies cookie actions as a function of security zone, Web page context (first-party versus third-party), type (session versus persistent cookie) and the content of a cookie's P3P compact policy.

Note  Compact policies are required of cookies as of Internet Explorer 6 and are made up of three-letter tokens that describe the privacy practices associated with that cookie. See the W3C: Platform for Privacy Preferences (P3P) Project specification for a description of compact policies and definitions of the compact policy tokens.

The MSIEPrivacySettings element has four children, p3pCookiePolicy, alwaysReplayLegacy, flushCookies, and flushSiteList. These elements must be specified in this order.

Specifying the alwaysReplayLegacy element allows all legacy cookies (cookies that existed when Internet Explorer was installed) to be sent. If nothing is specified, legacy cookies are sent only in first-party context (that is, they are leashed). Specifying the flushCookies element deletes all cookies when these customized privacy settings are imported. Specifying the flushSiteList element deletes all per-site decisions when these customized privacy settings are imported.

The p3pCookiePolicy element specifies rules for handling cookies by security zone. Given a security zone, cookie actions are further defined for first-party and third-party cookies using the firstParty and thirdParty elements. These elements both have three required attributes ? noPolicyDefault, noRuleDefault, and alwaysAllowSession. The noPolicyDefault attribute specifies the cookie action for a cookie with no compact policy. The noRuleDefault attribute specifies the cookie action for a cookie when none of the custom rule expressions evaluate to true when applied to the cookie's compact policy. Set the alwaysAllowSession attribute to "yes" to always accept session cookie. If alwaysAllowSession is set to "no", session cookie are evaluated in the same way as persistent cookie.

The following table lists acceptable cookie actions.

ActionDescription
acceptAccept cookies.
promptPrompt the user.
forceFirstPartyLeash cookies so that they are only sent in a first-party context.
forceSessionConvert persistent cookies (cookies that have an expiration time independent of when browser session cookie ends) to session cookies (cookies that expire when browser session cookie ends).
rejectReject cookies.

 

What follows is an example MSIEPrivacySettings statement that specifies rules for handling first- and third-party cookies and states that legacy cookies should always be sent.


<MSIEPrivacySettings formatVersion="6">
<p3pCookiePolicy zone="internet">
<firstParty noPolicyDefault="reject" noRuleDefault="accept" alwaysAllowSession="yes">
      <if expr="TEL" action="reject"></if>
      <if expr="FIN,CON" action="forceSession"></if>
      <if expr="FIN,CONa" action="forceSession"></if>
      <if expr="GOV,PUB" action="forceSession"></if>
</firstParty>
<thirdParty noPolicyDefault="accept" noRuleDefault="accept" alwaysAllowSession="yes">
</thirdParty>
</p3pCookiePolicy>
<alwaysReplayLegacy/>
</MSIEPrivacySettings>

Some compact tokens such as CON can include an opt-in, opt-out, or always attribute and therefore, produce different forms of a compact token (CON, CONa, CONi, CONo). You must explicitly specify all the forms you want to intercept in an expression. For example, expr="FIN,CON" does not intercept a compact policy with the tokens "FIN" and "CONa".

The following expression evaluates to true if a compact policy contains the tokens FIN and CONa.


expr="FIN,CONa"

The exclamation point (!) acts as a NOT operator in expressions. The following expression evaluates to true if a compact policy contains the token CON and does not contain the token OTR.


expr="CON,!OTR"

Rules are evaluated in the order they are defined in the customized import policy. The first expression to evaluate to true defines the cookie action taken.

MSIESiteRules

The MSIESiteRules element specifies cookie actions on a per-site basis. For each site, the cookie action can be set to accept or reject.

What follows is an example of an MSIESiteRules statement that specifies to accept all cookies from www.BlueYonderAirlines.com.


<MSIESiteRules formatVersion="6">
<site domain="www.BlueYonderAirlines.com" 
    action="accept">
</site>
</MSIESiteRules>

Putting It All Together

Putting these pieces together creates the following custom privacy policy.


<MSIEPrivacy>
<MSIEPrivacySettings formatVersion="6">
<p3pCookiePolicy zone="internet">
<firstParty noPolicyDefault="reject" noRuleDefault="accept" alwaysAllowSession="yes">
      <if expr="TEL" action="reject"></if>
      <if expr="FIN,CON" action="forceSession"></if>
      <if expr="FIN,CONa" action="forceSession"></if>
      <if expr="GOV,PUB" action="forceSession"></if>
</firstParty>
<thirdParty noPolicyDefault="accept" noRuleDefault="accept" alwaysAllowSession="yes">
</thirdParty>
</p3pCookiePolicy>
<alwaysReplayLegacy/>
</MSIEPrivacySettings>
<MSIESiteRules formatVersion="6">
<site domain="www.BlueYonderAirlines.com" 
    action="accept">
</site>
</MSIESiteRules>
</MSIEPrivacy>

A Real Example: Microsoft's Medium Setting

The following example shows how Internet Explorer filters cookies when the privacy preferences slider is set to Medium.


<?xml version="1.0" encoding="UTF-8"?>
<MSIEPrivacy>
<MSIEPrivacySettings formatVersion="6">

  <p3pCookiePolicy zone="internet">
  
    <firstParty noPolicyDefault="forceFirstParty" noRuleDefault="accept" alwaysAllowSession="yes">
      <if expr="PHY,!CUR, !ADM, !DEV, !CUS, !TAI, !PSA, !PSD, !IVA, !IVD, !CON, !HIS, !TEL, !OTP,!CURi,!ADMi,!DEVi,!CUSi,!TAIi,!PSAi,!PSDi,!IVAi,!IVDi,!CONi,!HISi,!TELi,!OTPi,!CURo,!ADMo,!DEVo,!CUSo,!TAIo,!PSAo,!PSDo,!IVAo,!IVDo,!CONo,!HISo,!TELo,!OTPo" action="reject"></if>
      <if expr="ONL,!CUR, !ADM, !DEV, !CUS, !TAI, !PSA, !PSD, !IVA, !IVD, !CON, !HIS, !TEL, !OTP,!CURi,!ADMi,!DEVi,!CUSi,!TAIi,!PSAi,!PSDi,!IVAi,!IVDi,!CONi,!HISi,!TELi,!OTPi,!CURo,!ADMo,!DEVo,!CUSo,!TAIo,!PSAo,!PSDo,!IVAo,!IVDo,!CONo,!HISo,!TELo,!OTPo" action="reject"></if>
      <if expr="GOV,!CUR, !ADM, !DEV, !CUS, !TAI, !PSA, !PSD, !IVA, !IVD, !CON, !HIS, !TEL, !OTP,!CURi,!ADMi,!DEVi,!CUSi,!TAIi,!PSAi,!PSDi,!IVAi,!IVDi,!CONi,!HISi,!TELi,!OTPi,!CURo,!ADMo,!DEVo,!CUSo,!TAIo,!PSAo,!PSDo,!IVAo,!IVDo,!CONo,!HISo,!TELo,!OTPo" action="reject"></if> 
      <if expr="FIN,!CUR, !ADM, !DEV, !CUS, !TAI, !PSA, !PSD, !IVA, !IVD, !CON, !HIS, !TEL, !OTP,!CURi,!ADMi,!DEVi,!CUSi,!TAIi,!PSAi,!PSDi,!IVAi,!IVDi,!CONi,!HISi,!TELi,!OTPi,!CURo,!ADMo,!DEVo,!CUSo,!TAIo,!PSAo,!PSDo,!IVAo,!IVDo,!CONo,!HISo,!TELo,!OTPo" action="reject"></if> 
      <if expr="PHY,!DEL, !SAM, !UNR, !PUB, !OTR, !OUR, !DELi,!SAMi,!UNRi,!PUBi,!OTRi,!DELo,!SAMo,!UNRo,!PUBo,!OTRo" action="reject"></if>
      <if expr="ONL,!DEL, !SAM, !UNR, !PUB, !OTR, !OUR, !DELi,!SAMi,!UNRi,!PUBi,!OTRi,!DELo,!SAMo,!UNRo,!PUBo,!OTRo" action="reject"></if>
      <if expr="GOV,!DEL, !SAM, !UNR, !PUB, !OTR, !OUR, !DELi,!SAMi,!UNRi,!PUBi,!OTRi,!DELo,!SAMo,!UNRo,!PUBo,!OTRo" action="reject"></if>
      <if expr="FIN,!DEL, !SAM, !UNR, !PUB, !OTR, !OUR, !DELi,!SAMi,!UNRi,!PUBi,!OTRi,!DELo,!SAMo,!UNRo,!PUBo,!OTRo" action="reject"></if>
      							

      <if expr="PHY,SAM" action="forceSession"></if>
      <if expr="PHY,DEL" action="forceSession"></if>
      <if expr="PHY,OTR" action="forceSession"></if>
      <if expr="PHY,UNR" action="forceSession"></if>
      <if expr="PHY,PUB" action="forceSession"></if>
      <if expr="PHY,CUS" action="forceSession"></if>  
      <if expr="PHY,IVA" action="forceSession"></if>  
      <if expr="PHY,IVD" action="forceSession"></if>    
      <if expr="PHY,CON" action="forceSession"></if>
      <if expr="PHY,TEL" action="forceSession"></if>
      <if expr="PHY,OTP" action="forceSession"></if>
      
      <if expr="ONL,SAM" action="forceSession"></if>
      <if expr="ONL,DEL" action="forceSession"></if>
      <if expr="ONL,OTR" action="forceSession"></if>
      <if expr="ONL,UNR" action="forceSession"></if>
      <if expr="ONL,PUB" action="forceSession"></if>
      <if expr="ONL,CUS" action="forceSession"></if>  
      <if expr="ONL,IVA" action="forceSession"></if>  
      <if expr="ONL,IVD" action="forceSession"></if>    
      <if expr="ONL,CON" action="forceSession"></if>
      <if expr="ONL,TEL" action="forceSession"></if>
      <if expr="ONL,OTP" action="forceSession"></if>
      
      <if expr="GOV,SAM" action="forceSession"></if>
      <if expr="GOV,DEL" action="forceSession"></if>
      <if expr="GOV,OTR" action="forceSession"></if>
      <if expr="GOV,UNR" action="forceSession"></if>
      <if expr="GOV,PUB" action="forceSession"></if>
      <if expr="GOV,CUS" action="forceSession"></if>  
      <if expr="GOV,IVA" action="forceSession"></if>  
      <if expr="GOV,IVD" action="forceSession"></if>    
      <if expr="GOV,CON" action="forceSession"></if>
      <if expr="GOV,TEL" action="forceSession"></if>
      <if expr="GOV,OTP" action="forceSession"></if>
      
      <if expr="FIN,SAM" action="forceSession"></if>
      <if expr="FIN,DEL" action="forceSession"></if>
      <if expr="FIN,OTR" action="forceSession"></if>
      <if expr="FIN,UNR" action="forceSession"></if>
      <if expr="FIN,PUB" action="forceSession"></if>
      <if expr="FIN,CUS" action="forceSession"></if>  
      <if expr="FIN,IVA" action="forceSession"></if>  
      <if expr="FIN,IVD" action="forceSession"></if>    
      <if expr="FIN,CON" action="forceSession"></if>
      <if expr="FIN,TEL" action="forceSession"></if>
      <if expr="FIN,OTP" action="forceSession"></if>
    
    </firstParty>
    
    <thirdParty noPolicyDefault="reject" noRuleDefault="accept" alwaysAllowSession="no">
    
      <if expr="PHY,!CUR, !ADM, !DEV, !CUS, !TAI, !PSA, !PSD, !IVA, !IVD, !CON, !HIS, !TEL, !OTP,!CURi,!ADMi,!DEVi,!CUSi,!TAIi,!PSAi,!PSDi,!IVAi,!IVDi,!CONi,!HISi,!TELi,!OTPi,!CURo,!ADMo,!DEVo,!CUSo,!TAIo,!PSAo,!PSDo,!IVAo,!IVDo,!CONo,!HISo,!TELo,!OTPo" action="reject"></if>
      <if expr="ONL,!CUR, !ADM, !DEV, !CUS, !TAI, !PSA, !PSD, !IVA, !IVD, !CON, !HIS, !TEL, !OTP,!CURi,!ADMi,!DEVi,!CUSi,!TAIi,!PSAi,!PSDi,!IVAi,!IVDi,!CONi,!HISi,!TELi,!OTPi,!CURo,!ADMo,!DEVo,!CUSo,!TAIo,!PSAo,!PSDo,!IVAo,!IVDo,!CONo,!HISo,!TELo,!OTPo" action="reject"></if>
      <if expr="GOV,!CUR, !ADM, !DEV, !CUS, !TAI, !PSA, !PSD, !IVA, !IVD, !CON, !HIS, !TEL, !OTP,!CURi,!ADMi,!DEVi,!CUSi,!TAIi,!PSAi,!PSDi,!IVAi,!IVDi,!CONi,!HISi,!TELi,!OTPi,!CURo,!ADMo,!DEVo,!CUSo,!TAIo,!PSAo,!PSDo,!IVAo,!IVDo,!CONo,!HISo,!TELo,!OTPo" action="reject"></if> 
      <if expr="FIN,!CUR, !ADM, !DEV, !CUS, !TAI, !PSA, !PSD, !IVA, !IVD, !CON, !HIS, !TEL, !OTP,!CURi,!ADMi,!DEVi,!CUSi,!TAIi,!PSAi,!PSDi,!IVAi,!IVDi,!CONi,!HISi,!TELi,!OTPi,!CURo,!ADMo,!DEVo,!CUSo,!TAIo,!PSAo,!PSDo,!IVAo,!IVDo,!CONo,!HISo,!TELo,!OTPo" action="reject"></if> 
      <if expr="PHY,!DEL, !SAM, !UNR, !PUB, !OTR, !OUR, !DELi,!SAMi,!UNRi,!PUBi,!OTRi,!DELo,!SAMo,!UNRo,!PUBo,!OTRo" action="reject"></if>
      <if expr="ONL,!DEL, !SAM, !UNR, !PUB, !OTR, !OUR, !DELi,!SAMi,!UNRi,!PUBi,!OTRi,!DELo,!SAMo,!UNRo,!PUBo,!OTRo" action="reject"></if>
      <if expr="GOV,!DEL, !SAM, !UNR, !PUB, !OTR, !OUR, !DELi,!SAMi,!UNRi,!PUBi,!OTRi,!DELo,!SAMo,!UNRo,!PUBo,!OTRo" action="reject"></if>
      <if expr="FIN,!DEL, !SAM, !UNR, !PUB, !OTR, !OUR, !DELi,!SAMi,!UNRi,!PUBi,!OTRi,!DELo,!SAMo,!UNRo,!PUBo,!OTRo" action="reject"></if>
      							
      <if expr="PHY,SAM" action="reject"></if>
      <if expr="PHY,DEL" action="reject"></if>
      <if expr="PHY,OTR" action="reject"></if>
      <if expr="PHY,UNR" action="reject"></if>
      <if expr="PHY,PUB" action="reject"></if>
      <if expr="PHY,CUS" action="reject"></if>  
      <if expr="PHY,IVA" action="reject"></if>  
      <if expr="PHY,IVD" action="reject"></if>    
      <if expr="PHY,CON" action="reject"></if>
      <if expr="PHY,TEL" action="reject"></if>
      <if expr="PHY,OTP" action="reject"></if>
      
      <if expr="ONL,SAM" action="reject"></if>
      <if expr="ONL,DEL" action="reject"></if>
      <if expr="ONL,OTR" action="reject"></if>
      <if expr="ONL,UNR" action="reject"></if>
      <if expr="ONL,PUB" action="reject"></if>
      <if expr="ONL,CUS" action="reject"></if>  
      <if expr="ONL,IVA" action="reject"></if>  
      <if expr="ONL,IVD" action="reject"></if>    
      <if expr="ONL,CON" action="reject"></if>
      <if expr="ONL,TEL" action="reject"></if>
      <if expr="ONL,OTP" action="reject"></if>
      
      <if expr="GOV,SAM" action="reject"></if>
      <if expr="GOV,DEL" action="reject"></if>
      <if expr="GOV,OTR" action="reject"></if>
      <if expr="GOV,UNR" action="reject"></if>
      <if expr="GOV,PUB" action="reject"></if>
      <if expr="GOV,CUS" action="reject"></if>  
      <if expr="GOV,IVA" action="reject"></if>  
      <if expr="GOV,IVD" action="reject"></if>    
      <if expr="GOV,CON" action="reject"></if>
      <if expr="GOV,TEL" action="reject"></if>
      <if expr="GOV,OTP" action="reject"></if>
      
      <if expr="FIN,SAM" action="reject"></if>
      <if expr="FIN,DEL" action="reject"></if>
      <if expr="FIN,OTR" action="reject"></if>
      <if expr="FIN,UNR" action="reject"></if>
      <if expr="FIN,PUB" action="reject"></if>
      <if expr="FIN,CUS" action="reject"></if>  
      <if expr="FIN,IVA" action="reject"></if>  
      <if expr="FIN,IVD" action="reject"></if>    
      <if expr="FIN,CON" action="reject"></if>
      <if expr="FIN,TEL" action="reject"></if>
      <if expr="FIN,OTP" action="reject"></if>
    
    </thirdParty>
    
  </p3pCookiePolicy>
  
</MSIEPrivacySettings>
</MSIEPrivacy>


Important Notes on Cookie Rules

  • Given a set of rules on how to handle cookies, the first rule expression to evaluate to true takes precedence and the following rules are skipped.
  • The presence of an invalid compact privacy policy token in the custom privacy settings import file cancels the import process.

Important Notes on Importing Customized Settings

  • Privacy settings cannot be imported for the Restricted and Local security zones.
  • Privacy settings not overridden by the imported custom privacy settings remain as they were at the time of import. For example, if the imported custom settings do not define privacy settings for the Internet security zone, then the existing privacy settings for this zone are retained.
  • Importing privacy preferences for a given security zone overrides all privacy preferences for that zone.
  • When the MSIESiteRules element is specified, any per-site rules that exist when the custom privacy settings are imported are deleted.
  • The import mechanism can only unleash legacy cookies. Non-legacy cookies cannot be unleashed. Also, with the exception of legacy cookies, imported privacy settings will not apply to old cookies. For this reason, you many want to delete old cookies.
  • Once custom settings are imported for the Internet security zone, selecting either the Advanced or Default buttons on the Privacy tab in Internet Options on the Tools menu removes these imported settings.
  • For information on restoring default privacy settings in Internet Explorer 6 for zones other than the Internet zone, see Knowledge Base article Q301689.

Related topics

Conceptual
Privacy in Internet Explorer
Other Resources
W3C: Platform for Privacy Preferences (P3P) Project

 

 

Mostrar:
© 2014 Microsoft