[nycphp-talk] P3P and MSIE6 cookies

Chris Snyder chris at
Tue Feb 4 23:22:56 EST 2003

Analysis & Solutions wrote:

>First, let me thank Chris Shiflett for posting the P3P information.  I 
>wasn't aware of this initiative.  While it's not an issue for me right 
>now, I know it will become one, as the browsers which implement this 
>platform become more widely used and the users understand what they can 
>do.  So, I implemented it.  Folks curious to see a valid setup can check 
Thanks Dan and Chris!

Your links and examples, combined with the not-so-user-friendly IBM 
generator mentioned here ( helped me 
get these up on my server:

There are three files there: the xml privacy policy (privacy.xml) 
created by the generator, the "policy reference" file (p3p.xml) that I 
had to build by hand, and a file with Apache Directives that instruct 
the server to use a single w3c alias server-wide and to send a P3P 
header. Apache needs to be compiled with mod_headers enabled in order to 
do this. The P3P: header could also be generated by PHP, of course.
Hooray, it validates. Tested this on MSIE6 with a High Privacy Setting, 
and it took my cookie.

BTW in case you run into this down the line, you can View>Privacy 
Report... in Internet Explorer to get some idea of what's up P3P-wise, 
and there's also a Settings button in the same dialog box.


More information about the talk mailing list