Cookies and Third Party Content - Part 2 of Chapter 5 from Web Privacy with P3P (3/4) | WebReference

Cookies and Third Party Content - Part 2 of Chapter 5 from Web Privacy with P3P (3/4)

To page 1To page 3current pageTo page 4
[previous] [next]

Web Privacy with P3P, Chapter 5: Overview and Options

Third-Party Content

IE6 considers images, frames, and other content served from a different domain than the page in which it is embedded to be third-party content. One typical case of third-party content is a banner advertisement embedded in an HTML page. If the banner ad is served from the advertising company's domain, it is considered third-party content. Companies use a variety of services--to monitor web site usage, process payments, distribute content, or provide customized services, for example--that require objects to be embedded in their web pages as third-party content. Some companies own more than one domain name ( and, for example). When content from one domain is embedded in an HTML page from another, it appears to browsers that third-party content is being served (when I talk about third-party content in this book, I am referring to content that appears to browsers to be third-party content, regardless of whether it actually is third-party content).

An entire web site can sometimes appear to be third-party content, when the site gets "framed" by another site. Some search services place their own logos and links at the top of a web page and then embed another web site in an HTML frame below it. To the user, the embedded site may appear to be the first-party site, but to the browser, the search engine is the first-party site and the embedded site is third-party content. Something similar may happen when a user uses a web-based email service to read an email that contains a web page. Web-based email services often display email messages in a frame. If someone emails you a web page (for example, a news article from an online news service), that web page becomes framed content. If the web page includes image links, your browser will fetch the images from the news service. If the news service has a different domain name than your email service, those images, and any cookies associated with them, are considered to be third-party.

There are several reasons that you need to be aware of both third-party content on your site and situations in which your site may be viewed in a third-party context.

1. A particular URL on your site is considered P3P-enabled if it is properly associated with a valid policy and policy reference file. However, if that URL is an HTML page in which images or other content are embedded, some P3P user agents may display warnings or block cookies if the embedded content is not P3P-enabled as well.

To page 1To page 3current pageTo page 4
[previous] [next]

Created: December 30, 2002
Revised: December 30, 2002