- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Wed, 10 Oct 2001 10:42:06 -0400
- To: Andreas Färber <andreas@faerber.as>, <www-p3p-policy@w3.org>
Certainly if you are using a server that recognizes this and creates a normal HTTP header, then that is fine. But you should make sure your server does that before you use this approach. I don't think all servers will do this. Lorrie ----- Original Message ----- From: "Andreas Färber" <andreas.faerber@web.de> To: <www-p3p-policy@w3.org> Sent: Wednesday, October 10, 2001 10:21 AM Subject: Using <meta http-equiv> [was: [www-p3p-policy] <none>] > > > <meta http-equiv="P3P" content='CP="YOUR_CP" policyref="YOUR_REF_URI"'> > > > This is not recommended. Not all user agents support http-equiv, and > > those that do support it may not see the CP until after they evaluate > > the cookie if you do this. The whole point of the CP is to allow > > user agents to get a snap shot of the policy early so they can make > > quick decisions about cookies. > > > > Lorrie > > Wasn't the idea behind using the meta http-equiv that the *server* (not the > user agent) might recognize it and might send it as a "normal" HTTP Header? > At least some Apaches I've worked with did so. Therefore it would be a > workaround for those Apache users not able to use mod_headers. > > Andreas > >
Received on Wednesday, 10 October 2001 10:41:55 UTC