What possible harm can come from setting the header: P3P: CP="CAO PSA OUR"

The header is used to allow cross domain requests in IE through iframes. I've tested adding this, and my code executes as expected now in IE.

What possible harm could come from adding this header?

Solution

It depends... Do you trust everyone you frame? Do you trust everyone that are framing you? Do you know that I don't frame you, and then alter the content of you page?

There is a proper HTML5 solution for this: postMessage (se e.g. http://html5demos.com/postmessage2). This lets you set up trust relationships etc.

jQuery even has a wrapper plugin that encapsulates this, and uses an #anchor trick if the browser does not support the HTML5 postMessage:

http://benalman.com/projects/jquery-postmessage-plugin/ http://plugins.jquery.com/plugin-tags/postmessage

Be security aware, don't turn off browser-enabled security features... :)

Custom NuGet feed with invalid certificate
How to run dotnet tests in a specific environment?
Map string column in Entity Framework to Enum (EF 6, not EF Core)
string interning vs address in memory
problem deleting Item in collectionView .NET Maui
Mongo as replica set in Testcontainers in .NET
Why does my .NET 6 WPF project not start on Windows 7?
How can I "un-JsonIgnore" an attribute in a derived class?
Convert C# HashSet to F# Set
Multiple awaits vs Task.WaitAll - equivalent?
Task return type with and without Async
FolderBrowserDialog hangs in .Net installer project
Error: One or more duplicate file names were detected. All image filenames must be unique : edupay (Resources\AppIcon\edupay.png
How can I view the disassembly of optimised jitted .NET code?
PowerShell script to return versions of .NET Framework on a machine?
Google recaptcha enterprise: Your default credentials were not found
Is there a way to create or update a MongoDB index?
Foreach can't be used for variables of type "PropertyInfo" because "PropertyInfo" has no defintion for "GetEnumerator"
How do I determine a mapped drive's actual path?
Export DataGridView to HTML Page
Virtual/Abstract fields in C#
.NET API for Google Talk?
Specifying IOS simulator when running app via .NET command line tools
How do I get .NET's Path.Combine to convert forward slashes to backslashes?
What's the deal with char.GetNumericValue?
Call SelectedIndexChanged on ComboBox within User Control
How to detect Windows 8 Operating system using C# 4.0?
How to Implement Polymorphic Request Bodies in ASP.NET Core Web API with Swagger UI?
Copy files from Nuget package to output directory with MsBuild in .csproj and dotnet pack command
Why InvalidCastException when awaiting Task-returning method?