Some time ago Microsoft dropped support for P3P in IE11 and Edge on Windows 10 (https://msdn.microsoft.com/en-us/library/mt146424(v=vs.85).aspx). Unfortunately P3P remains in use, by default, in IE11 on Windows 7. We have thousands of endpoints that run IE11 on Windows 7 still, yet we get complaints that due to sites not publishing P3P policies, sites are not working.

Chrome, Firefox and the like do not even support P3P, so the advice has usually been 'go to a different browser'. Recently we got asked a straight-up question: "Can you turn P3P off in the advanced settings for the enterprise please?"

That is a good question. We certainly could, but should we? Microsoft is advising sites not to publish a P3P policy anymore (see above link), but what exactly are we turning off if we disable P3P in the advanced internet options of IE11?

Does IE11 on Windows 7 have enough defense left if we turn off P3P enterprise wide?

More info on P3P: https://en.wikipedia.org/wiki/P3P

saekort
  • "enough defense" P3P was never about defending the computer, and if you're relying on that as your protection do note that malicious sites can serve any P3P policy you want to work around your restrictions. – André Borie Mar 06 '17 at 11:16
  • I am well aware of that; this is why we are considering turning it off, because it is easily avoided and not all that truthful. Hence why I am asking if there are any side effects and any reason not to do it. :) The main focus of my question is not intended to be if there is security left, just what changes if we turn it off. – saekort Mar 06 '17 at 15:08
  • Should be fine. Almost no sites support P3P anymore so it shouldn't be an issue. – André Borie Mar 06 '17 at 15:09

0 Answers