```php
header('P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"');
```

I've never seen such headers, what's it for?

+9  A: 

It's a coded format expressing - in a machine-readable form - what the web site is going to do with your private data. IIRC, IE is using this already, it shows a human-readable translation of the P3P header in the status bar if the current site serves one.

See here: Platform for Privacy Preferences

The Gist:

The Platform for Privacy Preferences Project (P3P) enables Websites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents.

Pekka
What exactly does `CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"` mean?
@user very good question. I can't find a simple translation table, only what complicated specs the W3C page offers and in addition this: http://www.p3ptoolbox.org/guide/
Pekka
@user I can't test it because I don't have a site handy that sends the headers but try whether the P3P validator: http://www.w3.org/P3P/validator.html offers any explanation about the codes.
Pekka
+4  A: 

Take a look at this site for a translation of the commands:

http://www.p3pwriter.com/LRN_111.asp

Henri
+1 that was what I was looking for but didn't find.
Pekka
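As an added example (not from any of the answers or the sites they link to): a small Python decoder for the compact policy in the question's header. The token table is transcribed from the W3C P3P 1.0 specification; `decode_p3p`, `VOCAB` and `TOKENS` are names chosen here, and the a/i/o consent suffix is accepted on any purpose or recipient token.

```python
import re

# Compact-policy tokens and the P3P 1.0 element names they abbreviate,
# grouped by policy element (transcribed from the W3C P3P 1.0 specification).
VOCAB = {
    "ACCESS": "NOI:nonident ALL:all CAO:contact-and-other IDC:ident-contact OTI:other-ident NON:none",
    "DISPUTES": "DSP:disputes",
    "REMEDIES": "COR:correct MON:money LAW:law",
    "NON-IDENTIFIABLE": "NID:non-identifiable",
    "PURPOSE": "CUR:current ADM:admin DEV:develop TAI:tailoring PSA:pseudo-analysis "
               "PSD:pseudo-decision IVA:individual-analysis IVD:individual-decision "
               "CON:contact HIS:historical TEL:telemarketing OTP:other-purpose",
    "RECIPIENT": "OUR:ours DEL:delivery SAM:same UNR:unrelated PUB:public OTR:other-recipient",
    "RETENTION": "NOR:no-retention STP:stated-purpose LEG:legal-requirement "
                 "BUS:business-practices IND:indefinitely",
    "CATEGORIES": "PHY:physical ONL:online UNI:uniqueid PUR:purchase FIN:financial "
                  "COM:computer NAV:navigation INT:interactive DEM:demographic CNT:content "
                  "STA:state POL:political HEA:health PRE:preference LOC:location "
                  "GOV:government OTC:other-category",
    "TEST": "TST:test",
}
CONSENT = {"a": "always", "i": "opt-in", "o": "opt-out"}  # purpose/recipient suffix

# Flatten to token -> (policy element, element name)
TOKENS = {pair.split(":")[0]: (group, pair.split(":")[1])
          for group, pairs in VOCAB.items() for pair in pairs.split()}

def decode_p3p(header_value):
    """Return (decoded, unknown) for the value of a P3P response header."""
    m = re.search(r'CP\s*=\s*"([^"]*)"', header_value, re.IGNORECASE)
    if not m:
        return [], []  # header carries no compact policy
    decoded, unknown = [], []
    for tok in m.group(1).split():
        base, suffix = tok[:3], tok[3:]
        group, name = TOKENS.get(base, (None, None))
        if group in ("PURPOSE", "RECIPIENT") and suffix in CONSENT:
            decoded.append((tok, group, name, CONSENT[suffix]))
        elif group and not suffix:
            decoded.append((tok, group, name, None))
        else:
            unknown.append(tok)  # not in the vocabulary: no defined meaning
    return decoded, unknown

if __name__ == "__main__":
    sample = 'CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"'  # header from the question
    decoded, unknown = decode_p3p(sample)
    for tok, group, name, consent in decoded:
        print(f"{tok:5} {group:17} {name}" + (f" ({consent})" if consent else ""))
    print("unrecognised:", unknown)
```

Tokens that come back in the second list are not part of the P3P vocabulary, which is worth checking before relying on what a policy appears to declare.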
+1  A: 

The answers above are correct, but I think it's worth mentioning why you would want to do it from a functionality perspective. If you have a page that is being included by a frameset from a different domain, any version of IE 6 or newer will block the cookies for your page unless the p3p header is present.

The idea is that your page, if it is placed in a frameset hosted by a different domain, is considered "third party" content. The fear is that you may be trying to stick sneaky ad tracking or other cookies in a person's browser without their knowledge. The p3p header is a way of pinning your organization down as saying "we won't do anything sneaky with them 3rd party cookies". The user can set their browser to block your cookies if you don't set that header, and as of IE6 that is the default setting.

Paul