Google and Facebook bypassing P3P User Privacy Settings

I wrote about P3P a very long time ago, and have implemented it on several websites. Some history, the W3C crafted the P3P policy.
Microsoft introduced P3P support in IE6 (in 2001) and it remains implemented in all current versions of the browser. The primary intended use is to block 3rd party cookies within the browser on behalf of the user.

Interesting enough, Microsoft has had been a bit of a struggle with Google and Facebook, which send the following HTTP response headers.

Google’s Response:

P3P: CP="This is not a P3P policy! See for more info."

Facebook’s response:

P3P: CP="Facebook does not have a P3P policy. Learn why here:"


Browser capabilities comparison testing

Browsers tend to evolve quickly, but they often do not offer the same capabilities cross-platform. As a result of this, there are many standard tests available to the developers of browser software to test for compliance with modern web standards.

Before making use of a specific capability in your web application, it’s often best to determine which browsers can support it.

Use ARAI role=”button”

With the widespread use of Rich Web applications, links and other HTML tags are are often used to create buttons. When an element is focused, screen readers announce its tag name. That means users of screen readers will be unaware of the intention of the markup used. For links, the value of the link’s href may be announced and confuse the users. The addition of the ‘role’ attribute helps with semantics and with accessibility tools such as JAWS. In addition, you’ll also want to verify that the tabindex is set to a valid value to allow for keyboard navigation of the page.

Some examples:

<a role="button" href="#">Click Me</a>
<a role="button" href="javascript:callback();">Click Me</a>
<a role="button" tabindex="0">Click Me</a>
<img role="button" tabindex="0" src="example.gif" alt="Click Me" />