5:14 AM 12/31/2010 Thank you for using P3PEdit to create your P3P policy. Below are instructions for implementing your P3P policy on your website. The P3P Compact Policy header string is in the body of this message. STEP ONE - UPLOAD THE p3p.xml FILE 1. Create a new root directory on your webserver named "w3c" (no quotes). 2. Upload p3p.xml to /w3c. 3. The file should now reside in http://www.re-union.org/w3c/p3p.xml. STEP TWO - ADD THE COMPACT POLICY 1. Find out the type of webserver you are using. The two most common webservers are Apache (on UNIX or Windows) and Internet Information Server (IIS - on Windows only). 2. Add the Compact Policy header string according to the directions for your webserver below. INTERNET INFORMATION SERVER 1. Open the IIS Administration Console. 2. Open the Properties screen for the webserver. 3. Click on the 'HTTP Headers' tab. 4. Click 'Add' in the 'Custom HTTP Headers' area. 5. A new window appears. 6. Type 'P3P' (without quotes) in the 'Custom Header Name' text field. 7. Copy and paste your Compact Policy header string from this file into the 'Custom Header Value' text field. It should look something like: CP="ALL DSP COR CUR ADMi IVDi HISi OUR STP UNI" (this time include the quotes) 8. Select OK and exit out of the IIS Admin. 9. When validating your P3P Policy (see below), your P3P header should look like: P3P:CP="ALL DSP COR CUR ADMi IVDi HISi OUR STP UNI" APACHE 1. For each directory that you want your Compact Policy header to be available from, you must create a file called '.htaccess' (without quotes). Note that the period at the beginning of the filename makes it invisible on your webserver. To view hidden files in an FTP session, add '-al' (without quotes) to the list command (for example: ls -al). Also note that it may be difficult to create a file named '.htaccess' on Windows systems. Instead, name the file 'htaccess', upload it and rename it to '.htaccess'. The .htaccess file will affect the directory it is placed in, and any subdirectories contained in it. Therefore, to apply you Compact Policy to an entire website, place an .htaccess file in your account's root directory. 2. The .htaccess file must contain a line which adds your Compact Policy header. The line should look like: Header append P3P 'CP="ALL DSP COR CUR ADMi IVDi HISi OUR STP UNI"' 3. Note the following: - The command is: Header append - P3P is the header name. - The rest is the header value. - Note the use of quotes in the above example. Single-quotes surround the entire header value. Double-quotes surround the actual Compact Policy. ALL OTHER WEBSERVERS For instructions for other webservers, or for instructions on implementing server-wide policies for Apache, visit the following URL: http://www.w3.org/TR/2001/NOTE-p3pdeployment-20010510#Appendix_Servers STEP THREE - UPLOAD YOUR HTML PRIVACY STATEMENT 1. Upload the attached policy.html file to the location that you specified when creating your P3P Policy in P3PEdit. If you already have an HTML Privacy Statement in that location, skip this step. 2. Usually the file will be in http://www.re-union.org/w3c/policy.html. STEP FOUR - VALIDATE YOUR P3P POLICY 1. Visit: http://www.w3.org/P3P/validator.html 2. In the Integrated Validation text field, type the URL of your website 3. Press the 'check' button. A NOTE ABOUT VALIDATION During the validation process, the W3C validator will show two messages: Message: P3P: header does not include [policyref="URI"] directive. Message: No valid P3P compliant link element. These are not errors, they are only messages. Neither the link element nor the policyref header are needed when your policy is installed correctly. They are redundant data and waste bandwidth. IF YOU NEED ASSISTANCE Support is provided by e-mail only. Please send your questions (or comments) to support@codeinfusion.com. All types of questions and feedback are welcome. UPDATING YOUR POLICY Your P3P policy files are stored in the P3PEdit database to allow you to update your policy if necessary. Reasonable efforts are made to keep your policy files in our database indefinitely; however no guarantees are made as to the length of time that policies will remain in the P3PEdit database. Please keep these instructions and the P3P files as a backup if your policy files are lost or destroyed by unforeseen circumstances. You may access the P3PEdit update utility by using the Customer Logon feature available at http://p3pedit.com. Enter the following information: Policy Number: 145410491 Access Code: 3375848627 The direct link to download your files and update your P3P policy is: https://p3pedit.com/results.php?policynumber=145410491&accesscode=3375848627 Updates will overwrite your previous policy, and are limited to making changes that apply to the website and/or domain that the original policy was purchased for. EXAMPLES The codeinfusion.com website provides a nice example of how a policy can be implemented. Visit http://www.codeinfusion.com with Internet Explorer and check the privacy report for the website. Internet Explorer reports that a policy is found and displays information based on the policy implemented. You may also browse http://www.codeinfusion.com/w3c for file examples. The XML files will display in Internet Explorer (or any other XML compliant browser). COMPACT POLICY BELOW ********** BEGIN COMPACT POLICY HEADER STRING ********** CP="ALL DSP COR CUR ADMi IVDi HISi OUR STP UNI" ********** END COMPACT POLICY HEADER STRING **********