What does header('P3P: CP=“CAO PSA OUR”'); do?

Question

What is header(\'P3P: CP=\"CAO PSA OUR\"\'); for?

How/why will it let this script work fine in IE?

session_start();

if (!session_is_reg         


        

Answer 1

header('P3P: CP="CAO PSA OUR"') sets a particular P3P Compact Policy (CP) which has been commonly used to allow third-party cookies from (i)frames to be used in Internet Explorer.

From Microsoft Knowledge Base article 323752.

Internet Explorer 6 introduced support for the Platform for Privacy Preferences (P3P) Project. The P3P standard notes that if a FRAMESET or a parent window references another site inside a FRAME or inside a child window, the child site is considered third party content. Internet Explorer, which uses the default privacy setting of Medium, silently rejects cookies sent from third party sites.

The article describes the CP code above:

This code sample shows that your site provides you access to your own contact information (CAO), that any analyzed data is only "pseudo-analyzed", which means that the data is connected to your online persona and not to your physical identity (PSA), and that your data is not supplied to any outside agencies for those agencies to use (OUR).

N.B. This CP is invalid as it stands since it doesn't contain any RETENTION or CATEGORIES tokens.