P3P Headers seem to be valid yet still being blocked by IE

Hi Everyone,

I’ve been banging my head against the desk about this and now it’s started to bleed so I though I would try and seek some advise.

I am trying to load an iframe (frame.com) in a parent page (page.com) and read a cookie from frame.com. IE sees these as a potential security threat and blocks them if your site does not display the correct P3P heading and privicy policy. Fair do’s, but fair do’s have been done and it’s still blocking them. I’ve read extensively around the issue but I seem to be doing all the documented things but with no results.

The P3P and policy seem to be valid: http://validator.w3.org/p3p/20020128/p3p.pl?uri=cms1.slingshotshopping.com

The iframe content is displaying a P3P header:

Response Headersview source
Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection Keep-Alive
Content-Encoding gzip
Content-Length 783
Content-Type text/html
Date Fri, 17 Feb 2012 11:48:41 GMT
Expires Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive timeout=5, max=100
P3P policyref=“/w3c/p3p.xml”, CP=“NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT”
Pragma no-cache
Server Apache/2.2.20 (Ubuntu)
Set-Cookie owa_u=deleted; expires=Thu, 17-Feb-2011 11:48:40 GMT; path=/; domain=cms1.slingshotshopping.com; secure owa_p=deleted; expires=Thu, 17-Feb-2011 11:48:40 GMT; path=/; domain=cms1.slingshotshopping.com; secure
Vary Accept-Encoding
X-Powered-By PHP/5.3.6-13ubuntu3.3

Here is a sample page: http://sd-mv.co.uk/Apples/
Here is a sample iframe content page: https://cms1.slingshotshopping.com/slingshots/embed/ref/6355f50b198477efa0b0e09a0be0bd15/force_type/iframe

Anyone got any ideas? Am I missing something really simple? Hopefully a fresh set of eyes might be able to see something I can’t.

Thank you in advance for any help.

Mitch