I have been beating my head against the wall trying to figure out how to get around my tracking cookies from getting blocked because of the P3P Compact Policy so I hope I can add a solution that worked for me.
It seems to have all started with IE6 and carried over to IE7 and possibly to IE8 when it's out of beta. At the moment it seems to have about a 80% market share which can't be ignored. I'm not sure of any other browsers that may need this P3P policy to be in place (maybe someone can give some insight?).
There are many online policy generators out there but they all have a price to pay between $25 to $40 for each policy generated. So I searched high and low and found a Free policy generator here. Now it isn't perfect and a little time consuming to do but it's free.
Go through the policy generation process and pay particular attention to the "Data" section. Just click on "how to write basic data" and a pop up window with the code needed will display. In the text box paste each data set on a new line as necessary. This is for which cookies you'll be using. I'm no expert but just basic data seems to be enough.
Once you are through generate your policy. You'll have 4 sections: P3P Policy XML, PRF (or Preferences) XML (I'm not sure what to do with this but I didn't use it), Compact policy (the important one!) and compact policy header information.
Take the policy XML and create a file called p3p.xml and paste the code there. Now create a folder at the root level called "w3c" and place the p3p.xml file there.
Now create a .htaccess file at the root level or use your existing .htaccess and add this code to it. This is just a example! Use your own code and path.
header append P3P: 'CP="CAO DSP COR NID CUR ADMa DEVa IVAa IVDa CONa OUR IND UNI PUR COM NAV INT CNT STA"'
header append P3P: 'policyref="http://www.yoursite.com/w3c/p3p.xml"'
One on each line.
The "CP" code created by this generator is a bit flawed so go to this site and use their Compact Policy Validator and make the corrections necessary until it validates. Use this validated code rather than the one created by the generator on the first line.
At this point you should have a folder named "w3c" at the root level, a p3p.xml file and a .htaccess with the above code at the root level. You should create a human readable privacy policy file inside the "w3c" folder with a html extension such as privacy.html. Check the path at the top of the p3p.xml file to your readable file.
At this point I took my Prosper generated link I use in my PPC campaign and put it directly into the browser and no red "eye"! You can go to "view" in IE and click on "Web Page Privacy Policy" and you should see Cookies "Accepted" instead of "Blocked" from your tracking site. Yay!
I hope this is clearer than mud but like I stated earlier, I'm no expert! If anyone has anything else to add, please do!
The only little bit of concern is when you view the policy from the view menu and highlight the tracking link (even though it's accepted) click on summary and there is a statement like "Could not find a privacy policy for http://www.trackingsite.com/tracking202/static/landing.php to view this site's privacy policy contact the Web site directly" and also record.php which I don't completely understand. Maybe Wes or Steven could enlighten us about this. I don't know how important this is but the red eye is gone and the cookies appear to be accepted so I'm not too concerned.
I really hope this helps some people because it worked for me!
Rob
