ASP. NET tip: How to Implement p3p HTTP headers

The Problem
Q: Why "make sure to implement p3p if using iframes "?

 

A: If your application is inside iframe with parent belongs to another domain-cookies will not work for some very common invocations for example IE 6/7 with privacy set to medium. if Cookies don't work-session won't work.

 

Therefore session state turns out useless for your application under Internet Explorer. See-privacy in Internet Explorer 6.

 

This is relevant when domain that hosts IFRAME is different from parent domain. Because of the fact that this is not very common scenario-only a few familiar with the solution.

 

The solution
Solution-need to implement p3p header to tell the browser that cookies for your application inside IFRAME are OK for user privacy.

 

So, ASP. NET implementation may look like the following (Global. asax ):

 

Protected void application_beginrequest (Object sender, eventargs E)
{
//
Httpcontext. Current. response. addheader ("p3p", "cp = \" Cao PSA our \"");
}