by robertc 5226 days ago
It's really unbelievable...

It's not really that unbelievable: Microsoft is berating Google for sending invalid P3P headers and this paper describes that Microsoft is sending invalid P3P headers.

Microsoft does not always fully comply with the letter of the law...

In this case what constitutes the letter of the law isn't really clear. As far as I can tell this is the latest specification for the P3P header:

http://tools.ietf.org/html/draft-marchiori-w3c-p3p-header-01

I'm going to quote a small portion:

This Internet-Draft will expire on August 6, 2002.

So it's at least arguable that there isn't a standard for the P3P header, and whatever anyone wants to put in it is just whatever they put in it; nothing is invalid and everyone is fine.

Only IE supports it anyway, and it's not like it prevents websites from doing things they've said in their P3P headers that they're not going to do. And to make IE accept 3rd party cookies (which are needed for lots of quite normal stuff on the web) you need to send it one of these headers.

RFC 6462 also has some interesting comments:

http://tools.ietf.org/html/rfc6462#section-4.3.2