I have a contact form inside of an iframe, which uses captcha, and therefore requires session variables. It works fine in every browser except IE9. To make it work in IE8, I added the following line at the beginning of the php document:

header('P3P:CP="CAO IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"'); 

However, this doesn't appear to work in IE9. Any ideas?

Best Answer: @user973810

Thanks a lot. This

header('P3P: CP="NOI ADM DEV PSAi NAV OUR STP IND DEM"');

helped me out very much. It's questionable why only the IE does such strange things.

Btw: here's the explanation for that. ;)

• NOI Web Site does not collected identified data.
• ADM Information may be used for the technical support of the Web site and its computer system. Users cannot opt-in or opt-out of this usage (same as tag ADMa).
• DEV Information may be used to enhance, evaluate, or otherwise review the site, service, product, or market. Users cannot opt-in or opt-out of this usage (same as tag DEVa).
• PSAi Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals. Opt-in means prior consent must be provided by users.
• NAV Data passively generated by browsing the Web site -- such as which pages are visited, and how long users stay on each page.
• OUR Ourselves and/or entities acting as our agents or entities for whom we are acting as an agent.
• STP Information is retained to meet the stated purpose. This requires information to be discarded at the earliest time possible. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site's human-readable privacy policy.
• IND Information is retained for an indeterminate period of time. The absence of a retention policy would be reflected under this option. Where the recipient is a public fora, this is the appropriate retention policy.
• DEM Data about an individual's characteristics -- such as gender, age, and income.

Source: http://www.p3pwriter.com/lrn_111.asp

this one works for me IE to accept cross-browser cookies on all browsers

add the following bit of code prior to any page output

header('p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"');

or this in the head block

<meta http-equiv="P3P" content='CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"' />

I've used this header and been able to save cookies in IE9:

header('P3P: CP="NOI ADM DEV PSAi NAV OUR STP IND DEM"');

I've tried to find a resource for what all of these mean, but have never seen one. I do notice that there are some rules listed in my header that aren't in yours.

I also host a p3p policy on the server, as outlined here: http://www.awardsites.com/tutorials/w3c/p3p_privacy-01.htm