Strict P3P Validation

Internet Explorer offers users many tools to help protect their privacy, including InPrivate Browsing, cookie controls (including P3P), and Tracking Protection Lists. In February of 2012, the IE team described how a misleading P3P statement was being used to circumvent users’ privacy settings. Default P3P Restrictions Internet Explorer’s default settings restrict the use of 3rd…


A Quick Look at P3P

Internet Explorer supports a cookie-restricting privacy feature called P3P. Web developers often get tripped up by it because no other browser implements the P3P standard. I’ve written about IE’s cookie control features previously (and more comprehensively), but here’s a summary of the “least you need to know.” P3P Made Simple By default, IE will reject cookies…


The Intranet Zone

Internet Explorer maps web content into one of five security zones. After the Local Machine Zone, the Local Intranet Zone is probably the most misunderstood of the Zones, and is a common source of confusion and compatibility glitches. Mapping into the Local Intranet Zone For the Trusted and Restricted Sites zones, Zone Mapping is simple….


Understanding Enhanced Protected Mode

Last week, Andy Zeigler announced the introduction of Enhanced Protected Mode (EPM) over on the IEBlog. In today’s post, I’d like to provide further technical details about EPM to help security researchers, IT professionals, enthusiasts, and developers better understand how this feature works and what impact it may have on scenarios they care about. Internet…


Internet Explorer 9.0.2 Update

Tuesday’s Update for Internet Explorer updates the IE9 Help > About dialog’s version number to v9.0.2. The update includes a number of security and functionality fixes; many of these fixes are described in the More Information section of KB2559049. One fix enables the IE9 Download Manager to properly save files on network drives where the…


Beware Cookie Sharing in Cross-Zone Scenarios

Note: I mentioned this problem before (Troubleshooting Login Cookies #3) but it was buried in a long post and this is an issue that lots of folks inside Microsoft hit, so I’m pulling it out into its own post. The Problem From time to time, various users have complained to the IE team that they’re…


Understanding Cookie Controls

Internet Explorer offers an extremely rich set of options for controlling cookies. The default settings are fairly well-balanced, but some users may want to introduce more restrictive or specialized controls. To configure cookie settings in IE, click Tools > Internet Options. Click the Privacy tab. The tab offers a simple slider with a range of…


Understanding Session Lifetime

Back in May of last year, I discussed changes we made in Internet Explorer 8 to make the browser’s session handling behavior more predictable. Specifically, we introduced a “New Session” item on the File menu—this menu item explicitly creates a new browser session which doesn’t share session information with the existing session. From the command…


Understanding Domain Names in Internet Explorer

Web browsers use domain names for a variety of purposes, but how they’re used is much more complicated than most developers realize. In this post, I’ll attempt to cover the most important aspects of this topic. Definitions When talking about “domains” the terminology alone is confusing (and contentious).  So, let’s start with some simplistic definitions…


Why Won’t IE Remember My Login Info?

Over on the Microsoft Answers forum, some folks have reported that Internet Explorer doesn’t remember their login details. This is a tricky problem to troubleshoot because there are a number of different problems which get lumped together under this description, and there are a number of different causes for each problem. Let’s break down the…