header('P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"');
I’ve never seen such headers,what’s it for?
Take a look at this site for a translation of the commands:
It’s a coded format expressing – in a machine-readable form – what the web site is going to do with your private data. IIRC, IE is using this already, it shows a human-readable translation of the P3P header in the status bar if the current site serves one.
See here: Platform for Privacy Preferences
The Platform for Privacy Preferences Project (P3P) enables Websites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents.
The answers above are correct, but I think it’s worth mentioning why you would want to do it from a functionality perspective. If you have a page that is being included by a frameset from a different domain, any version of IE 6 or newer will block the cookies for your page unless the p3p header is present.
The idea is that your page, if it placed in a frameset hosted by a different domain, is considered “third party” content. The fear is that you may trying to stick sneaky ad tracking or other cookies in a person’s browser without their knowledge. The p3p header is a way of pinning your organization down as saying “we won’t do anything sneaky with them 3rd party cookies”. The user can set their browser to block your cookies if you don’t set that header, and as of IE6 that is the default setting.
This specific chain of commands is included in sites that interact with facebook, and resolves Internet Explorer session issues.