I had a play with it a few years ago.

As I recall you can get a plugin for your browser that will check the p3p.xml file of sites you visit and compare the privacy settings in there to those the users configured. If the p3p.xml matched or was better than the users defined privacy preferences you would get the green bird. If not you would get a yellow or a red one.

I don't think the standard ever took off, which doesn't really suprise me, as it is the web site owner that populates the information in the p3p.xml file for their site, so those unscrupelous web sites owners could easily claim they respect your privacy when if fact they aren't going to.

Have a look at
[msdn.microsoft.com...]

Thanks Dijk:

This looks like a lot more hassle and bother than its worth.

I think I'll just draw a cartoon of a dead canary and put that up instead. -Larry

You should not underestimate the importance of P3P if you site relies on cookies. If the browser will consider that P3P policy is not suitable, it may reject cookies from this site that may result in undesired site behavior. Luckily most of the browsers with default settings accept cookies without valid P3P :)

I use the following on sites that use sessions:

# P3P policy for session data 
if($_SESSION) header("P3P: CP='list your p3p codes here'");

I didn't know about a p3p.xml file, but it's probably an alternative to sending the header. There are a couple of (free) sites that will let you generate a p3p code suitable for your site.

But I wouldn't lose sleep over it ;)

Thanks people:

My site doesn't set or read cookies at all.

I put up a tiny B&W cartoon of a dead canary anyway, couldn't get up a colored image.
I suppose nobody will know what that means, but it looks cute in a sick sort of way. -Larry