Microsoft KB Archive/313558

= Privacy policy error occurs when you access sites through the authenticating proxy =

Article ID: 313558

Article Last Modified on 4/21/2006

-

APPLIES TO


 * Microsoft Internet Explorer (Programming)

-



This article was previously published under Q313558



SYMPTOMS
If you use Internet Explorer to browse to a Web site that contains a full privacy policy as defined by the Platform for Privacy Preferences (P3P) specification, and if your request goes through an HTTP proxy that requires authentication, your request for the privacy policy fails with the following error message:

Could not find a privacy policy for.



CAUSE
As section 2.4.3 of the P3P specification states, requests for policy reference files fall into a &quot;safe zone.&quot; The P3P specification states that the client should transmit very minimal identifying information about the user. In particular, the specification states:

User agents MAY also wish to refrain from sending user agent information or cookies accepted in a previous session on 'safe zone' requests.

Internet Explorer abides by this recommendation and does not transmit authentication credentials to a server when it performs P3P policy reference requests. However, authenticating proxy servers do not abide by the safe zone recommendation and thus reject the attempt by Internet Explorer to request a policy reference without credentials.



RESOLUTION
There is no known workaround at this time. The suggestion by the World Wide Web Consortium (W3C) to put policies in a well-known location does not apply. A proxy requires verification for any file that is requested from the remote server, regardless of location.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.



Steps to Reproduce Behavior
NOTE: To reproduce this behavior, Internet Explorer must direct requests through a proxy that demands user authentication.


 * 1) Open Internet Explorer 6.0, and then browse to http://www.microsoft.com/. If your proxy server uses Windows NT Challenge/Response (NTLM) authentication, Internet Explorer automatically supplies your username and password; otherwise, Internet Explorer prompts you for this information.
 * 2) After the page appears, click Privacy Report on the View menu.
 * 3) A list of links that the page references appears. Click http://www.microsoft.com/, and then click Summary. The privacy policy for the Microsoft site does not appear, as you expect. Instead, you receive the following error message:

Could not find a privacy policy for http://www.microsoft.com/. To view this site's privacy policy, contact the Web site directly.

