iFrames + Google Analytics + Cookies + P3P [英] iFrames + Google Analytics + Cookies + P3P

问题描述

我正在开发一个为合作伙伴网站产生流量的网站.当在我们的网站上单击合作伙伴网站的徽标时，我们会在一个页面中打开合作伙伴网站，该页面包含我们的基本标题和 iframe 中的合作伙伴网站.早些时候，我们只是在新窗口中打开合作伙伴网站.到目前为止一切都很酷.

大多数合作伙伴网站使用谷歌分析来跟踪我们发送给他们的流量，在我们开始在 iframe 中打开网站后不久，我们的合作伙伴报告说谷歌分析不再跟踪数据(或仅跟踪一小部分数据).

我在 googleverse 上完成了我应得的作业/研究，并发现了跨域和 iframe 的 google 分析或 cookie 的已知问题.

我正在尝试解决这个问题，唯一被引用的解决方案是使用 P3P 标头.

1. 首先，P3P 标头去哪儿了?在我的网站页面或合作伙伴网站页面中.由于我们有许多合作伙伴站点(大大小小的)，如果解决方案是在这些站点中的每一个中放置标签，那将是不切实际的.我可以轻松地将它们添加到包含 iframe 的页面.

2. 在各种 p3p 标头生成器中，您推荐可靠的一个吗?

3. 有什么办法可以解决这个问题吗?我真的需要在 iframe 中打开网站，显然合作伙伴网站真的需要跟踪流量.

谢谢你的帮助.

解决方案

不幸的是，您和合作伙伴站点都需要设置标题.

替代方案:

• 如果您不希望合作伙伴网站设置标题，一种选择是降低安全级别(在 IE 中)或在浏览器设置中授予对第 3 方 cookie 的访问权限(在 FF 中).每个客户都必须这样做，因此这可能不是一个有吸引力的解决方案.
• 使用localStorage(HTML5 东西 - 支持 localStorage 的浏览器允许访问站点和存储在 localStorage 中的 iFrame 内容).这在短期内可能不可行，因为它需要您和您的合作伙伴站点实现向/从 localStorage 保存/读取信息，并且并非每个浏览器都支持它(尤其是较旧的 IE 浏览器).

添加一个基本的策略标题(理想情况下，您应该生成自己的直截了当的策略 - 检查下面的第 2 项)

在 php 中添加这一行:

<?php header('P3P: CP="CAO PSA OUR"');?>

在 ASP.Net 中:

HttpContext.Current.Response.AddHeader("p3p", "CP="CAO PSA OUR"");

在 HTML 页面中:

<小时>

关于您的其他问题:

1) P3P 标头是指提供称为 压缩策略到浏览器.如果没有这样的政策，IE(最值得注意的是)和其他浏览器将阻止访问 3rd 方 cookie(用于指代 iFrame cookie 的术语)以保护用户的隐私问题.

就 Google Analytics(分析)而言，您的网站和合作伙伴网站仍然需要配置 跨域跟踪，如其文档中所述.

2)您可以使用此基本政策标头(足以修复 iFrame 的 cookie):

<块引用>

P3P:CP="CAO PSA OUR"

或生成您自己的.如果您不确定这些术语的含义，请参阅这个.

要生成此类策略，您可以使用在线编辑器，例如 p3pedit.com 或 IBM 的 工具 提供一组问题并允许您提供答案.这使您可以轻松快速地生成此类策略.您可以生成策略 XML、紧凑政策等等.

3) 您可以尝试上面提到的两种选择.

将政策添加到整个网站的步骤

1. 生成紧凑策略(使用前面提到的工具之一)或使用基本策略
2. 在 IIS 中，右键单击所需的页面、目录或站点，然后单击属性".
3. 在HTTP 标头"选项卡上，单击添加".
4. 在自定义标题名称字段中，输入 P3P.
5. 在自定义标题值字段中，输入您的 Compact P3P 策略(或上面的基本策略)，然后单击确定.
6. 在 Apache 中，像这样的 mod_header 行可以:

<块引用>

Header append P3P "CP="CAO PSA OUR""

希望有帮助.

I am working on a website that generates traffic for partner sites. When a partner site's logo is clicked on our site we open the partner site in a page that contains our basic header and the partner site within an iframe. Earlier we were simply opening the partner site in new window. All cool so far.

Most partner sites use google analytics to track the traffic that we send them and soon after we started opening sites within iframe our partners reported that google analytics does not track data anymore (or tracks just a fraction of data).

I have done my fair share of homework/research on googleverse and found the know issue with google analytics or cookies in general across domains and iframes.

I am trying to resolve this issue and the only solution that has been referenced is the use of P3P headers.

1. First, where do the P3P headers go? In my sites pages or the partner sites pages. Since we have many partner sites (big and small) it wont be practical if the solution is to put tags in each of these sites. I can easily have them added to the page that contains the iframe.

2. Among the various p3p header generators is there a reliable one that you recommend?

3. Is there any way around this issue? I really need to open the sites in iframes and obviously the partner sites really need to track the traffic.

Thank you for the help.

解决方案

Unfortunately, both you and the partner site needs to set the headers.

Alternatives:

• If you do not want the partner site to set headers, one option is to lower the security level (in IE) or grant access to 3rd party cookies (in FF) in the browser settings. Every client has to do this, so this may not be an attractive solution.
• Use localStorage (HTML5 thingy - browsers that support localStorage allow access to both the site and the iFrame's content that is stored in localStorage). This may not be feasible in the short term as it requires both you and your partner site to implement saving/reading information to/from localStorage and not every browser supports it (older IE browsers especially).

To add a basic policy header (ideally you should generate your own policy which is straight forward - check item#2 below)

in php add this line:

<?php header('P3P: CP="CAO PSA OUR"'); ?>

in ASP.Net:

HttpContext.Current.Response.AddHeader("p3p", "CP="CAO PSA OUR"");

in HTML pages:

<meta http-equiv="P3P" content='CP="CAO PSA OUR"'>

---

Regarding your other concerns:

1) P3P headers refer to the HTTP header that delivers something called a compact policy to the browser. Without such a policy in place, IE (most notably) and other browsers will block access to 3rd party cookies (a term used to refer to iFrame's cookies) to protect user's privacy concerns.

As far as Google Analytics goes, both your site and the partner site still needs to configure cross domain tracking as outlined in their documentation.

2) You can use this basic policy header (which is enough to fix iFrame's cookies):

P3P: CP="CAO PSA OUR"

or generate your own. If you're not sure what those terms mean, see this.

To generate such policy, you can use online editors such as p3pedit.com or IBM's tool which present a set of questions and allow you to present answers. This makes it easy for you to quickly generate such policy. You can generate the policy XML, compact policy and more.

3) You can try the two alternatives mentioned above.

Steps to add the policy to your entire site

1. Generate a compact policy (using one of the tools mentioned earlier) or use the basic policy
2. In IIS, right-click the desired page, directory, or site, and then click Properties.
3. On the HTTP Headers tab, click Add.
4. In the Custom Header Name field, type P3P.
5. In the Custom Header Value field, enter your Compact P3P Policy (or the basic one from above) and then click OK.
6. In Apache, a mod_header line like this will do:

Header append P3P "CP="CAO PSA OUR""

Hope ths helps.

这篇关于iFrames + Google Analytics + Cookies + P3P的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！