I have two websites, let's say they're example.com and anotherexample.net.
On anotherexample.net/page.html, I have an IFRAME S
I've spent a large part of my day looking into this P3P thing and I feel the need to share what I've found out.
I've noticed that the P3P concept is very outdated and seems only to be really used/enforced by Internet Explorer (IE).
The simplest explanation is: IE wants you to define a P3P header if you are using cookies.
This is a nice idea, and luckily most of the time not providing this header won't cause any issues (read: browser warnings). Unless your website/web application is loaded into another website using an (i)Frame. This is where IE becomes a massive pain in the ***. It will not allow you to set a cookie unless the P3P header is set.
Knowing this I wanted to find an answer to the following two questions:
My findings are:
The concept was born in 2002 and it baffles me that this outdated and legally unimplemented concept is still forced upon developers within IE. If this header doesn't have any legal ramifications this header should be ignored (or alternatively, generate a warning or notification in the console). Not enforced! I'm now forced to put a line in my code (and send a header to the client) that does absolutely nothing.
In short - to keep IE happy - add the following line to your PHP code (other languages should look similar):
header('P3P: CP="Potato"');
Problem solved, and IE is happy with this potato.
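Added example, not part of the original answer: a small Python check that scans captured response headers from pages you serve inside an iframe and flags any that set a cookie without a P3P compact policy, the condition the answer describes IE rejecting. The sample responses, the endpoint names and the rule that a P3P header must carry a `CP="..."` value (as in the answer's one-liner) are assumptions made for the illustration.

```python
import re
from email.parser import Parser  # parses RFC 822-style header blocks

# Compact policy value inside a P3P header, e.g. P3P: CP="Potato"
CP_RE = re.compile(r'CP\s*=\s*"([^"]*)"', re.IGNORECASE)

def audit_response(raw_head: str) -> dict:
    """Classify one raw HTTP response head (status line plus headers)."""
    status_line, _, header_block = raw_head.lstrip().partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    # A response may carry several Set-Cookie headers; keep only the names.
    cookies = [v.split("=", 1)[0].strip()
               for v in headers.get_all("Set-Cookie", [])]
    p3p = headers.get("P3P")  # header lookup is case-insensitive
    match = CP_RE.search(p3p) if p3p else None
    if not cookies:
        finding = "no-cookies"  # nothing for the browser to block
    elif match is None:
        # Assumption: a P3P header without CP="..." is treated as missing.
        finding = "cookie-without-compact-policy"
    else:
        finding = "compact-policy-present"
    return {"status": status_line.strip(), "cookies": cookies,
            "cp": match.group(1) if match else None, "finding": finding}

def needs_fix(samples: dict) -> list:
    """Names of the responses that set cookies without a compact policy."""
    return sorted(name for name, raw in samples.items()
                  if audit_response(raw)["finding"]
                  == "cookie-without-compact-policy")

# Constructed sample responses (hypothetical endpoints, not real captures).
SAMPLES = {
    "framed-widget": ("HTTP/1.1 200 OK\nContent-Type: text/html\n"
                      "Set-Cookie: sid=abc123; Path=/\n"),
    "framed-widget-fixed": ("HTTP/1.1 200 OK\n"
                            "Set-Cookie: sid=abc123; Path=/\n"
                            'p3p: CP="Potato"\n'),
    "static-asset": "HTTP/1.1 200 OK\nContent-Type: image/png\n",
    "policyref-only": ("HTTP/1.1 200 OK\nSet-Cookie: sid=abc123\n"
                       'P3P: policyref="/w3c/p3p.xml"\n'),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, audit_response(raw))
    print("needs fix:", needs_fix(SAMPLES))
```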