1. Home
  2. Forums Index
  3. Browser Side / HTML 10:21 am May 1, 2026

Forum Moderators: open

Message Too Old, No Replies

P3P: What it is and what it means to you - Part 2

         

IRBSurfer

7:58 am on May 4, 2002 (gmt 0)



Continued from: [webmasterworld.com...]

Summary:
I found three ways to supply P3P Compact Policy headers that validate with w3.org's P3P validator (w3.org/P3P/validator/20010928/).
using a <meta http-equiv> tag
using mod_headers on my Unix Apache server
using PHP (or rather: adding it to phpCMS)

1. <meta http-equiv> tag
Before I started investigating this in more detail I thought I wasn't able to access the innards of my server, and have it send P3P headers by default. That's why I was hoping to figure out how to use a <meta http-equiv> tag to do this for me.

Using the then current version of the P3P validator (w3.org/P3P/validator/20010928/) at the time this article was first published, I found the following Compact Policy <meta http-equiv> validated as P3P compliant header:
<meta http-equiv="P3P" content='CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml"' />
(Note this is on a single line)
NOTE: While the above is still true as per the P3P specs, the latest version of the P3P validator (w3.org/P3P/validator/20020128/) throws an error that is explained thus:

2002/02/14 [Bug 01] The validator recognizes http-equiv headers in HTML documents. This is not a bug. However, almost all HTML user agents do not recognize http-equiv headers. Therefore, I will make the validator not to recognize them. Details about this issue is here.

2. Specifying P3P CP header using mod_headers
Since I found my server does not send the <meta http-equiv> tag's content as regular header I looked into this further, and found I could make this work server side after all. In an .htaccess file in my document root I now have the following mod_headers directive:
Header append P3P "CP=\"CAO DSP AND SO ON\" policyref=\"/w3c/p3p.xml\""
(Note this is on a single line)
The header directive can be used in a number of places: server config, virtual host, access.conf, and .htaccess. It lets Apache append the Compact Policy header to every document it serves — you don't need the <meta http-equiv> tag in this case. Again, this makes your headers validate in w3.org's P3P validator.

3. Adding Compact Policy headers in PHP
Since I'm using phpCMS on my site, method 2 only works for regular html documents. Any pages that are being parsed and served via PHP don't get the P3P header added through the mod_headers directive in the .htaccess file.

So I added the following to the list of headers sent by php(CMS):
Header("P3P: CP=\"CAO DSP AND SO ON\" policyref=\"/w3c/p3p.xml\"");
(Note this is on a single line)

mdharrold

10:45 am on May 20, 2002 (gmt 0)

10+ Year Member



This is related to the original p3p topic [webmasterworld.com] but that one is now locked.

IRBSurfer:
What are those CPs you set?
Header append p3p "CP=\"CAO DSP AND SO ON\" policyref=\"/w3c/p3p.xml\""

mdharrold

8:58 pm on May 21, 2002 (gmt 0)

10+ Year Member



After getting the software and paying attention, CP stands for "Compact Policy".
But I can not get the Header append to work. Do you post it exactly as you have it written, with the proper CPs, or is that just a chunk?
I searched the Apache site and the W3C site and can't find anything about it.

mdharrold

3:19 pm on May 22, 2002 (gmt 0)

10+ Year Member



After many attempts, it turns out I am not allowed to use mod_headers.

Here is the perl equivilant:

print "P3P: policyref=\"/w3c/p3p.xml\"\n";

Place this among your other headers before the Content-type header.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Browser Side / HTML 10:21 am May 1, 2026