Using Adobe products like PDF, Flash, etc.?
You can implement the X-Permitted-Cross-Domain-Policies header to instruct the browser how to handle cross-domain requests. By implementing this header, you restrict loading your site’s assets from other domains to avoid resource abuse.
There are a few options available.
| Value | Description |
| --- | --- |
| none | No policy is allowed |
| master-only | Allow only the master policy |
| all | Everything is allowed |
| by-content-only | Allow only a certain type of content. Example – XML |
| by-ftp-only | Applicable only for an FTP server |
Apache
If you don’t want to allow any policy, set the header to none.
Header set X-Permitted-Cross-Domain-Policies "none"
You should see the header like the following.

Nginx
And, let’s say you need to implement master-only; then add the following in nginx.conf under the server block.
add_header X-Permitted-Cross-Domain-Policies master-only;
And the result.
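
To check the result from a captured response instead of by eye, the following added example (not code from the original article) classifies the X-Permitted-Cross-Domain-Policies value in a raw HTTP response head. The function names and the sample responses are constructed for illustration.

```python
# Added example: audit a captured HTTP response head for the
# X-Permitted-Cross-Domain-Policies header. All sample responses are constructed.
HEADER = "x-permitted-cross-domain-policies"
RESTRICTIVE = {"none", "master-only"}  # values from the table above
PERMISSIVE = {"all"}

def header_values(raw_response: str) -> list[str]:
    """Return every value of the header, lower-cased, in order of appearance."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    values = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == HEADER:  # header names are case-insensitive
            values.append(value.strip().strip('"').lower())
    return values

def audit(raw_response: str) -> str:
    """Classify a response as missing, conflicting, ok, permissive or review."""
    values = header_values(raw_response)
    if not values:
        return "missing"
    if len(set(values)) > 1:  # e.g. set once by the server and once by the app
        return "conflicting"
    value = values[0]
    if value in RESTRICTIVE:
        return "ok:" + value
    if value in PERMISSIVE:
        return "permissive:" + value
    return "review:" + value  # anything else needs a manual look

# Constructed samples. The 404 case matters because nginx's add_header skips
# error responses unless the `always` parameter is given, so test an error page too.
SAMPLES = {
    "200 with none": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                     "X-Permitted-Cross-Domain-Policies: none\r\n\r\n<html></html>",
    "404 without header": "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n",
    "duplicate values": "HTTP/1.1 200 OK\r\nx-permitted-cross-domain-policies: master-only\r\n"
                        "X-Permitted-Cross-Domain-Policies: all\r\n\r\n",
    "200 with all": "HTTP/1.1 200 OK\r\nX-Permitted-Cross-Domain-Policies: all\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label}: {audit(raw)}")
```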

Useful Tools for HTTP Security Headers
To analyze and improve your website’s HTTP headers, including security headers, consider using these online scanners:
- Tech Support Office HTTP Header Scanner:
  Scan your website and get recommendations to improve security.
  https://techsupportoffice.com/http-header-scanner
- Themewizz HTTP Header Scanner:
  Another useful tool to analyze your site’s headers and security.
  https://themewizz.com/http-header-scanner/