R – P3P issue with IE and iframe


My question is related to the problem outlined in this question.

I have set up my p3p fine as far as I know (the p3p validator doesn't return any errors), but I still get blocked cookies.
The src of my iframe is an external website, is there anything special I have to do if the cookies I want to accept are coming from an external site?

Here is my p3p.xml:

<?xml version="1.0" encoding="UTF-8" ?>
<META xmlns="http://www.w3.org/2002/01/P3Pv1">
<!-- Policy Generated by P3PWiz http://www.p3pwiz.com -->
  <EXPIRY date="Tue, 16 Feb 2010 08:50:40 -0600"/>
  <POLICY-REF about="/w3c/Policies.xml#Privacy">
  <POLICY-REF about="/w3c/Policies.xml#WSC">
    <COOKIE-INCLUDE name="*" value="*" domain="*" path="*" />

Best Solution

Well, I'm not sure that you're setting the header right as it is described in the article:

Send the compact header with responses

I've set the webserver at example.com to send the compact header with responses, like this:

HTTP/1.1 200 OK P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR IVAi IVDi OUR TST" // ... other headers and content

policyref is a relative URI to the Policy Reference file (which in turn references the privacy policies), CP is the compact policy representation

As you can see, somebody else had the same problem:

I was 95% complete, but my header only said: P3P: CP="...." and didn't include the policyref link, which made it work in IE7, but not IE6... works good now. Thanks! – AndreasKnudsen May 12 at 10:17

I'm also wondering if there is any relation between where the policy file is hosted and where the actual site is hosted.