Last updated: 6/6/02
headers for a web site running on an Apache web server and p3p privacy
Well, no one has asked me this question yet; but I had
a devil of a time with it... So, I'm adding it to our FAQs to hopefully help
someone out. This fixed the Internet Explorer 6 (IE 6) cookie problems
on my web site.
below is what I have installed for my forums and it works with IE 6 set
to the default privacy settings (Medium).
Make an Apache .htaccess file with a text editor such as notespad or
wordpad (or edit an existing one--and don't wipe-out an existing one, such
as those put on a web site by the FrontPage Server extensions) and put a
line similar to the following in it:
header append P3P: 'CP="CAO DSP COR CURa ADMa DEVa
OUR IND PHY ONL UNI COM NAV INT DEM PRE"'
All on one line, of course. The "' at the end
of the line is made-up of " followed by a ' with no spaces.
Upload the file to the directory on the web server to be
covered by the policy. I uploaded .htaccess all of the P3P files with
in the ASCII transfer mode. It will effect that directory and any subdirectories,
etc. branching off from it, unless there is another .htaccess file in a subdirectory
which overrides it or part of it.
You can check it with the HTTP Header Viewer at http://www.delorie.com/web/headers.html.
Here's an extract from my forum HTTP headers:
HTTP/1.1 200 OK
Date: Wed, 05 Jun 2002 20:42:55 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM
To check it in IE 6, delete relevant cookies in C:\windows\cookies
or wherever they are (I deleted the ones with duxcw--my domain is duxcw.com)
in them, but they may not have that in them. It may have your unix
user name in it if you installed the script, etc. that does the cookie functions. Open
IE 6, Tools, Internet Options, Privacy... Click Edit in Web Sites, and Remove
your web site if it is set to "Allow." Then set the Security
for the Site to Default, which is Medium. After that, click Advanced,
Override automatic cookie handling, set both for Prompt, OK, OK. Now
the cookies thing; e.g., in my case, our forums. This should produce
the prompt. In the cookie prompt click More Info. If the http
header is working, you should see the compact privacy at the bottom of the
bottom of the screen. I saw nothing in that box until I got it
right. After testing reset your IE privacy to the desired configuration. Also,
Privacy Report, Select the site or a directory of a site, and click Summary.
My forum directory is set-up with a separate P3P privacy
I used one P3P policy for the whole site it would unnecessarily restrict
will also add a third P3P policy for our Online Store as soon as I finish
testing the new software and bring it on line. The store will also
The Apache documentation on the Header Directive is
I found Ken Coar's Using .htaccess Files with Apache at http://apache-server.com/tutorials/ATusing-htaccess.html quite
The Platform for Privacy Preferences section of the W3C
web site is at http://www.w3.org/P3P/.
The Platform for Privacy Preferences 1.0 Deployment
Guide is available at http://www.w3.org/TR/2002/NOTE-p3pdeployment-20020211.
I used the IBM P3P Policy Editor to make the compact
your work if you intend to go to another application and copy some text to
paste in P3P editor, because that caused it lockup frequently on my computer.
I also found that the IBM P3P Policy editor was rather
difficult to understand and use until I read through most of The Platform
for Privacy Preferences 1.0 (P3P1.0) Specification at http://www.w3.org/TR/2002/PR-P3P-20020128/.
The P3P Valuator at http://apache-server.com/tutorials/ATusing-htaccess.html will
in the p3p.xlm file (You will learn about that file in the references. The IBM
P3P Policy Editor generates it.). I inspected everything carefully and could
not find anything wrong with the tags. I redid the that section by
copying, pasting, and editing one of the other entries, but the error kept
appearing. Finally I hand-typed the entry and that fixed it. I
can only guess that it was being caused by an invisible control code, a problem
I have not seen in a long time.
Microsoft's has a rather long presentation on the IE 6
P3P cookie features.
Please, don't ask me my opinion of the wisdom (or lack
Webmaster FAQ Index