I am running my application in frames. The parent frame is being owned by the client and the child frame i hosting my app on the browser. To overcome the IE 5.x security restirctions for teh third party applications(so that session can work properly) i need to include a p3p(third party policy file) as part of my http responses. I went through webdeafult.xml but could not figure out about how to include it. Could anyone tell me which file to use for this or how to configure my jboss-jetty to get it done. Any help/pointers is highly appreciated. I am running Jboss 3.0.4(jetty included) version.