HTTP P3P Header

By: Dusty Arlia
Published on Wednesday, June 25, 2014, 11:50 PM
Last Updated on Saturday, July 11, 2015 at 2:39 PM
Total Updates: 2

The P3P HTTP header is supposed to set a site's P3P policy in the form P3P: CP="your_compact_policy". However, P3P did not take off, and most web browsers have never fully implemented it. A lot of websites set this header with fake policy text, and that was enough to make browsers believe a P3P policy existed and grant permission for third-party cookies. Here is an example:

P3P: CP="This is not a P3P policy! See for more info."