header('P3P: CP="CAO PSA OUR"') sets a particular P3P Compact Policy (CP) which has been commonly used to allow third-party cookies from (i)frames to be used in Internet Explorer.
From Microsoft Knowledge Base article 323752.
Internet Explorer 6 introduced support for the Platform for Privacy
Preferences (P3P) Project. The P3P standard notes that if a FRAMESET
or a parent window references another site inside a FRAME or inside a
child window, the child site is considered third party content.
Internet Explorer, which uses the default privacy setting of Medium,
silently rejects cookies sent from third party sites.
The article describes the CP code above:
This code sample shows that your site provides you access to your own
contact information (CAO), that any analyzed data is only
"pseudo-analyzed", which means that the data is connected to your
online persona and not to your physical identity (PSA), and that your
data is not supplied to any outside agencies for those agencies to use
(OUR).
N.B. This CP is invalid as it stands since it doesn't contain any RETENTION or CATEGORIES tokens.