How do you insert a CP policy in the blog header?

Here’s where i got the info on using a .htaccess file to insert a global CP Policy. This page has useful links for submitting a page for P3P validation:
https://www.duxcw.com/faq/webmastr/privhttp.htm
<begin quote>
P3P Compact Privacy Policy
Last updated: 6/6/02
How to add a P3P compact privacy policy to the http headers for a web site running on an Apache web server and p3p privacy policy links.

Well, no one has asked me this question yet; but I had a devil of a time with it… So, I’m adding it to our FAQs to hopefully help someone out. This fixed the Internet Explorer 6 (IE 6) cookie problems on my web site.

For dcforum administrators, the compact privacy policy below is what I have installed for my forums and it works with IE 6 set to the default privacy settings (Medium).

Make an Apache .htaccess file with a text editor such as notespad or wordpad (or edit an existing one–and don’t wipe-out an existing one, such as those put on a web site by the FrontPage Server extensions) and put a line similar to the following in it:

header append P3P: ‘CP=”CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE”‘

All on one line, of course. The “‘ at the end of the line is made-up of ” followed by a ‘ with no spaces.

Upload the file to the directory on the web server to be covered by the policy. I uploaded .htaccess all of the P3P files with SmartFTP (https://www.smartftp.com/) in the ASCII transfer mode. It will effect that directory and any subdirectories, etc. branching off from it, unless there is another .htaccess file in a subdirectory which overrides it or part of it.

You can check it with the HTTP Header Viewer at https://www.delorie.com/web/headers.html.

Here’s an extract from my forum HTTP headers:

HTTP/1.1 200 OK
Date: Wed, 05 Jun 2002 20:42:55 GMT
Server: Apache/1.3.23
P3P: CP=”CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE”
….
The Apache documentation on the Header Directive is at https://httpd.apache.org/docs/mod/mod_headers.html#header.

I found Ken Coar’s Using .htaccess Files with Apache at https://apache-server.com/tutorials/ATusing-htaccess.html quite useful.
<end quote>
Please don’t tell me to try to use .htaccess to set the CP Policy globally because i’ve tried it many different ways and it doesn’t work. I need to insert it into the WordPress (v. 1.5.1.1) file that generates initial blog page.
Where is that hidden and how can i insert the CP string into it. Please????

I’m not familiar with what you are talking about exactly, but I can tell you where the header file is located.

Look in the directory in which you have wordpress. Follow this path…

wp-content–>themes–>whatever theme you are using–>header.php for everything included within the <head></head> tags, as well as the beginning of the <body> tag and everything above the blog itself. Although it’s php, the page is mostly XHTML and fairly easy to follow if you’re not familiar with php.

That help any?

Yes, i’ve tried doing that by inserting the new link for the CP policy into the header.php file (which is Classic, BTW). I’ve tried putting that line in several different places after the <HEAD> opening. The added line never shows up in the XHTML Validator below:
Source Listing
Below is the source input I used for this validation:

1: <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”&gt;
2: <html xmlns=”https://www.w3.org/1999/xhtml”&gt;
3:
4: <head profile=”https://gmpg.org/xfn/11″&gt;
5: <meta http-equiv=”Content-Type” content=”text/html; charset=UTF-8″ />
6:
7: <title>www.MACCS2SUPPORT.com</title>
8:
9: <meta name=”generator” content=”WordPress 1.5.1.1″ /> <!– leave this for stats please –>
10:
11: <style type=”text/css” media=”screen”>
12: @import url( https://www.davidchanin.com/blog1/wp-content/themes/classic/style.css );
13: </style>
——

As you can see, the P3Pv1 line is right after the <HEAD> in the file header.php that is on my server right now, which looks like this. This file is on my server right now but the link to P3Pv1 is not shown by the XHTML Validator. Here is my current header.php. Nobody can log in with IE 6 unless they add my site to their Trusted Sites list, and asking them to do so would me me look pathetic as a programmer.
—
<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”&gt;
<html xmlns=”https://www.w3.org/1999/xhtml”&gt;

<head profile=”https://gmpg.org/xfn/11″&gt;
<link rel=”P3Pv1″ href=”https://www.MACCS2SUPPORT.com/w3c/p3p.xml”&gt;

<meta http-equiv=”Content-Type” content=”<?php bloginfo(‘html_type’); ?>; charset=<?php bloginfo(‘charset’); ?>” />

<title><?php bloginfo(‘name’); ?><?php wp_title(); ?></title>

OOPS! I did the previous on the header.php for Default, not Classic. Here is the Validator showing the inserted P3Pv1 link right after the <Head>
—
1: <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”&gt;
2: <html xmlns=”https://www.w3.org/1999/xhtml”&gt;
3:
4: <head profile=”https://gmpg.org/xfn/11″&gt;
5:
6: <link rel=”P3Pv1″ href=”https://www.MACCS2SUPPORT.com/w3c/p3p.xml”/&gt;
7:
8: <meta http-equiv=”Content-Type” content=”text/html; charset=UTF-8″ />
9:
10: <title>www.MACCS2SUPPORT.com</title>

Ok, i’ve figured out the the Privacy Policy genertor at
https://www.canadiancontent.net/en/jd/go?Url=https://www.p3pwiz.com
is not generating well-formed XML for my privacy policy file:
https://validator.w3.org/p3p/20010928/header.pl?mode=line&uri=https://www.maccs2support.com/w3c/p3p.xml

Even though the link to the P3Pv1 file is right after the <HEAD>, the P3P Validator is saying that it can’t find it. I guess i have to use the IBM Ploicy Generator, even though many say it’s hard to use.

Here is what i get from the P3P Validator even though the link is in there:
—–
Step 1-2: Syntax check

/w3c/p3p.xml is NOT an well-formed XML file

.

mismatched tag at line 6, column 2, byte 129:
<TITLE>MACCS2 Support Forum</TITLE>

</HEAD>
=^
<FRAMESET ROWS=”100%,*” BORDER=”0″ FRAMEBORDER=”0″>
<FRAME SRC=”https://www.davidchanin.com/blog1/w3c/p3p.xml&#8221; SCROLLING=”AUTO” NAME=”bannerframe” NORESIZE>
——————————————————————————–

Step 2: HTTP Protocol Validation ( HTTP headers )

HTTP headers have no P3P: header.

——————————————————————————–

Step 3: HTML File Validation

HTML document has no P3P compliant link tags.

OK, the IBM P3P Editor is easy to use and i have the XML file. The problem is how do i insert a link into the WordPress file(s) so that it find my privacy file (in XML)? Also, how do i set up the compact privacy (CP) string for WordPress?

I can’t believe i’m the only one who wants to have a WP blog accessible with the default security settings of IE 6. Most people at work don’t have a choice on what browser to use or its security settings. This seems like a major deficiency of the WP software.

OK, the easiest solution is to turn off cookies and that will avoid the third-part cookie problem. They wll not have a persistent session. I’ve already wasted two days on this.

Can anyone tell me how to to turn off cookies in WP 1.5..11.1??? Thanks!

I just figured out how to add the P3P just by using .htaccess!

Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"NOI DSP COR NID CUR ADM DEV OUR BUS\""


Solution at askApache