Using Adobe products like PDF, Flash, etc.?
You can implement this header to instruct the browser on how to handle the requests over a cross-domain. By implementing this header, you restrict loading your site’s assets from other domains to avoid resource abuse.
There are a few options available.
| Value | Description |
| none | no policy is allowed |
| master-only | allow only the master policy |
| all | everything is allowed |
| by-content-only | Allow only a certain type of content. Example – XML |
| by-ftp-only | applicable only for an FTP server |
Apache
If you don’t want to allow any policy.
Header set X-Permitted-Cross-Domain-Policies \"none\"You should see the header like the following.
![\"\"](\"https://themewizz.com/wp-content/uploads/2021/08/permitted-cross-domain.webp\")
Nginx
And, let’s say you need to implement master-only then add the following in nginx.conf under server block.
add_header X-Permitted-Cross-Domain-Policies master-only;And the result.
![\"\"](\"https://themewizz.com/wp-content/uploads/2021/08/nginx-permitted-cross.webp\")
Useful Tools for HTTP Security Headers
To analyze and improve your website’s HTTP headers, including security headers, consider using these online scanners:
- Tech Support Office HTTP Header Scanner:
Scan your website and get recommendations to improve security.
https://techsupportoffice.com/http-header-scanner - Themewizz HTTP Header Scanner:
Another useful tool to analyze your site’s headers and security.
https://themewizz.com/http-header-scanner/