I've been using a W3C compliant set of P3P .xml files for 5 or 6 years (via header.)

AFAIK, IE automatically checks the P3P "behind the scenes" if the user sets their browser security to trusted zone or higher. Otherwise, the IE user must manually get this report from the tool bar utility.

I don't know if Firefox or other browsers even support this platform. IMO wide spread use of P3P was a disappointment for the W3C. Seems kinda odd that IE does.

As for being effective or beneficial, I guess it's like taking vitamins; you never know what negative affect you've missed by not using it.

[w3.org...]

Many thanks keyplr.

I don't recall ever having a request for a "P3P policy file" previously, however I may not been attentive enough to explore it as something valid.

I've had a visitor (denied access) request the policy page.

Seems somewhat odd considering the majority of my widget users are not "geeks", or that a casual visitor (non-administrative) would even be aware of P3P.

I've checked the two major widget sites, which get hordes of traffic in excess of my sites, and neither offers any P3P files.

Don

IE will also automatically compare the site's P3P cookie values with that of the user's settings if the user has chosen not to accept one of the various cookie choices.

So I don't think you'll ever know if IE warns a user about this and the user makes a U turn away from your site. Also, as I said above, I don't think this platform was accepted across the internet as well as the W3C had hoped.

It takes a special tool, a bit of time and expense to create these 3 .xml files and possibly some tweaking on the various hosting servers to get it included in the request packets; just a META link isn't good enough. I had to append the abbreviated P3P tags to my global headers via p3p.ini.

Most webmasters just installed a human version of a privacy policy, and many didn't even do that.