I have a website which allows resellers to put our login and registration forms on their website by means of an iframe. When either form is submitted, if there are no errors, the user is redirected to our website where they will see a reseller-branded page. These pages have any identifiable branding removed and a custom stylesheet makes them match the reseller's website. This is accomplished by appending the reseller's ID to a query string when loading the pages into the iframe:
<iframe src="http://www.example.com/login.php?reseller=123" width="100%" height="280" frameborder="0" style="overflow: hidden"></iframe> <form action="http://www.example.com/login.php?reseller=123" method="post">
This works in all major browsers except IE which simply displays the login or registration page again. Additionally, the custom branding no longer works resulting in the entire web page, header, footer, branding and all.
When troubleshooting this I was able to verify that everything was working normally in the server side code (PHP) right up to where the redirect was being performed. This leads me to believe that IE is ignoring the redirect but that doesn't explain why the page is loading without the branding being removed.
The solution is to include P3P headers before the redirect:
header('P3P: CP="CAO PSA OUR"');