On Thu, 20 Dec 2001, Mark Fowler wrote: > (sorry to break threading but I'm getting this from multiple lists) > > > that IE 6 (beta at the time) considered my cookies to be third party > > because I used frame-based domain redirection and by default would not > > accept them. > > You need to include a P3P header in your HTTP header that contains a > Compact Policy (CP) - a geek code of what your P3P xml privacy document > contains. See http://www.w3c.org/P3P/. > > Some research I did seems to indicate that current implementations of IE6 > will accept cookies no matter what CP you use (rather than checking it > against your security settings and deciding if the CP represents a > privacy policy that violates your chosen level of disclosure.) I'd really > appreciate it other people could check this and confirm that IE6 is not > offering any actual privacy level protection and is just discriminated > against people that don't have P3P headers.
I found that IE6 require P3P header with medium and higher security settings but CP content doesn't matter - it need simply P3P: CP='anything'. Igor Sysoev