如何将P3P标头直接添加到iframe？

Question

I am using the AjaxFileUpload control, and in the source code of the AjaxControlToolkit I see that an iframe is used for this control. On my own website I have the P3P header in my web.config, but the script that uses the iframe is from the AjaxControlToolkit.dll. Below is a snippet from the source code for the toolkit. What can I add to it to get it to send this P3P header? ie8/10 are blocking a handler from the toolkit.

EDIT: The fix is to comment out iframe.security = "restricted"; I updated the code below.

    this.createIFrame = function() {

    var name = this._iframeName,
        iframe = document.createElement("IFRAME");

    iframe.width = "0";
    iframe.height = "0";
    iframe.style.display = "none";
    iframe.src = "about:blank";
    //iframe.src = "javascript:'<script>window.onload=function(){document.write(\\'<script>document.domain=\\\"" + document.domain + "\\\";<\\\\/script>\\');document.close();};<\/script>'";
    iframe.id = name;
    iframe.name = name;
    //iframe.security = "restricted";
    document.body.appendChild(iframe);
    iframe.contentWindow.name = name;
    $addHandlers(iframe, {
        load: Function.createDelegate(this, this.onIFrameLoadedHandler)
    });

    this._iframe = iframe;
};

this.onIFrameLoadedHandler = function (e) {
    /// <summary>
    /// Event handler to capture when iframe receive response from server.
    /// </summary>
    /// <param name="e"></param>

    if (!control._currentFileId)
        return;

    try {

        var iframe = this._iframe, doc = null;

        // Only test the iframe data, exception should thrown if something went wrong.
        if (iframe.contentDocument)
            // Firefox, Opera
            doc = iframe.contentDocument;
        else if (iframe.contentWindow)
            // Internet Explorer
            doc = iframe.contentWindow.document;
        else if (iframe.document)
            // Others?
            doc = iframe.document;

        if (doc == null)
            throw "Document not initialized";

        // finalizing and upload next file
        control.doneAndUploadNextFile(control.getCurrentFileItem());

    } catch (e) {

        // Cancelation / aborting upload can causing 'Access is denied' or 'Permission denied' on IE 9 bellow,
        // let's consider this exception is not trully error exception from server.
        if (!control._canceled || !(e.message && (e.message.indexOf("Access is denied") > -1 || e.message.indexOf("Permission denied") > -1))) {
            this.raiseUploadError(e);
            throw e;
        }
    } 
};

Answer 1

The fix for this was to remove one little line:

iframe.security = "restricted";

Keeping that line in there makes ie treat the iframe with the same level of security as a site in the user's "Restricted" list.