Unfortunately P3P policy files are not simple documents to create. The specification is fairly complex and ties together the technical, business, and social aspects of a website. The specification includes many elements that should rarely be used and some overlooked ones that should be used whenever possible. This makes it difficult to create and maintain current P3P documents that reflect current business practices.
The current analysis of the top sites on the Internet, 14.4% of the top 500 sites have a P3P policy file, but 34.7% of those policies have not been updated to the current 2002 specification, and 5.6% of the sites with policy files had no complete policies at all. Most of the policy files were minimal, only 5.6% had more than one policy for different parts of their site.55.6% had more than one statement defined.12.5% had more than one disputes record defined, while 9.7% had no disputes records at all. This data is live data based on the top 500 websites from Alexa, and is refreshed on a regular basis.
Below are several free P3P utilities and resouces to make it easier to create P3P policies.
A Web 2.0 policy viewer that displays the entire policy using a collapsible tree so that portions of interest can be expanded and viewed. This may be useful when viewing very large policies.
Displays the XML policy files associated with a P3P policy. This provides an easy validation to make sure that all of the policy references in p3p.xml can be resolved to a valid policy file. Links are provided to view the XML source file or to validate the contents using the W3C P3P validator.
Builds a sample P3P template based on selecting several high-level but common web-site attributes. These template are meant for reference only and are not suitable for deployment without further editing and verifying correctness with respect to written policies. They still can provide good starting points for creating policies that are fully compliant with the latest specification.
Generate compact policy strings from a P3P policy and test modifications. Includes a third-party test image for testing IE6 and later compatibility for third-party cookies. This is meant for testing completed policies since every compact policy is supposed to represent the contents of a full policy file.
List of sites that we use to test our policy parser and viewer on. It also includes the top 500 web-sites as reported by Alexa so that we can produce reliable stats on P3P adoption. Any site that is entered into our policy viewer also gets added to this list for future reference and testing.
© Enraspan Inc.2007-2018, All Rights Reserved