Using Adobe products like PDF, Flash, etc.?
You can implement this header to instruct the browser how to handle cross-domain requests. By implementing this header, you restrict loading your site's assets from other domains to avoid resource abuse.
There are a few options available.
| Value | Description |
|---|---|
| none | No policy is allowed |
| master-only | Allow only the master policy |
| all | Everything is allowed |
| by-content-only | Allow only a certain type of content. Example – XML |
| by-ftp-only | Applicable only for an FTP server |
Apache
If you don't want to allow any policy, add the following:
Header set X-Permitted-Cross-Domain-Policies "none"
The response should then carry the X-Permitted-Cross-Domain-Policies header with the value none.
Nginx
And, let's say you need to implement master-only, then add the following in nginx.conf under the server block.
add_header X-Permitted-Cross-Domain-Policies master-only;
And the result: the response carries the X-Permitted-Cross-Domain-Policies header with the value master-only.
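To verify the header after deploying either configuration, this added example (not code from the original article) audits a raw response head and reports whether the header is missing, sent twice, misspelled, or set to the permissive all value. The sample responses are constructed, and the accepted value names are taken from Adobe's cross-domain policy specification, which spells the content-type and FTP options by-content-type and by-ftp-filename.

```python
# Added example: audit X-Permitted-Cross-Domain-Policies in a raw response head.
# Accepted values follow Adobe's cross-domain policy specification.
VALID = {"none", "master-only", "by-content-type", "by-ftp-filename",
         "all", "none-this-response"}
HEADER = "x-permitted-cross-domain-policies"  # header names are case-insensitive

# Constructed sample responses (not captured from a real server).
OK = "HTTP/1.1 200 OK\r\n"
SAMPLES = {
    "apache_none": OK + "X-Permitted-Cross-Domain-Policies: none\r\n\r\n",
    "nginx_master": OK + "x-permitted-cross-domain-policies: master-only\r\n\r\n",
    "misspelled": OK + "X-Permitted-Cross-Domain-Policies: master_only\r\n\r\n",
    "wide_open": OK + "X-Permitted-Cross-Domain-Policies: all\r\n\r\n",
    "set_twice": OK + "X-Permitted-Cross-Domain-Policies: none\r\n"
                 "X-Permitted-Cross-Domain-Policies: all\r\n\r\n",
    "absent": "HTTP/1.1 404 Not Found\r\nServer: nginx\r\n\r\n<p>x: y</p>",
}


def parse_headers(raw):
    """Return (lower-cased name, value) pairs from a raw HTTP response head."""
    pairs = []
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line.strip():
            break  # blank line ends the header block; the body is ignored
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_policy(raw):
    """Classify a response as missing, duplicate, invalid, permissive or ok."""
    values = [v for n, v in parse_headers(raw) if n == HEADER]
    if not values:
        return ("missing", None)
    if len(values) > 1:  # e.g. both a proxy and the origin add the header
        return ("duplicate", values)
    if values[0] not in VALID:
        return ("invalid", values[0])
    if values[0] == "all":
        return ("permissive", "all")
    return ("ok", values[0])


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, audit_policy(raw))
```

The absent sample is a 404 on purpose: error responses are a common place for a configured header to go missing, so check them as well as a 200.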