is there a valid technical reason for hard coding a default P3P Policy in the HTTP headers using the Joomla session ?
Surely the Privicy Policy of a Joomla Website should be up to the owner of the site to decide/configureheader('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
I am guessing this is in the code to help with the setting of cookies in IE - but should it really be a hard coded thing as every Joomla website *may* have a different privicy policy.
If there is a valid reason, please can we have documented in this thread what each of the policies mean?
Also be aware that it is improper to post a P3P compact policy without also posting a full P3P policy. While you may be able to post just a compact policy to get around IE6 cookie blocking, this is not valid P3P and, again, might be considered a deceptive practice.
I am a co-author of the P3P specification and author of a forthcoming O'Reilly book called "Web Privacy with P3P" that should be out in August.
http://www.oreillynet.com/mac/blog/2002 ... ilure.html