X-Permitted-Cross-Domain-Policies & Referrer-Policy

In this lesson, we'll study a couple of headers.

Related to CORS, the X-Permitted-Cross-Domain-Policies header targets cross-domain policies for Adobe products, namely Flash and Acrobat.

I won’t go too much into the details, as this is a header that targets very specific use cases, but, long story short, Adobe products handle cross-domain requests through a crossdomain.xml file in the root of the domain the request is targeting. The X-Permitted-Cross-Domain-Policies header defines policies to access this file.

Sounds complicated? I would simply suggest adding X-Permitted-Cross-Domain-Policies: none to your responses and ignoring clients that want to make cross-domain requests with Flash.
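One way to apply and verify that recommendation in a Node.js-style application, as an added example that is not part of the original lesson. The names withCrossDomainPolicy, auditCrossDomainPolicy and fakeResponse are hypothetical, and the response object is a constructed stand-in for Node's ServerResponse.

```javascript
// Added example: helper names here are hypothetical, not from the lesson.
const HEADER = "X-Permitted-Cross-Domain-Policies";
const RECOMMENDED = "none";

// Wrap a Node.js-style (req, res) handler so every response carries the header.
// It is set before the handler runs, so early returns and error paths are covered.
function withCrossDomainPolicy(handler) {
  return function (req, res) {
    res.setHeader(HEADER, RECOMMENDED);
    return handler(req, res);
  };
}

// Audit response headers given as [name, value] pairs. Header names are
// case-insensitive, and a proxy or second middleware may add a duplicate.
function auditCrossDomainPolicy(headerPairs) {
  const values = headerPairs
    .filter(([name]) => name.toLowerCase() === HEADER.toLowerCase())
    .map(([, value]) => String(value).trim().toLowerCase());

  if (values.length === 0) {
    return { ok: false, finding: "header missing" };
  }
  if (values.length > 1) {
    return { ok: false, finding: "header sent " + values.length + " times" };
  }
  if (values[0] !== RECOMMENDED) {
    return { ok: false, finding: "value is '" + values[0] + "', expected 'none'" };
  }
  return { ok: true, finding: "set to none" };
}

// Constructed sample: a minimal stand-in for Node's ServerResponse.
function fakeResponse() {
  const pairs = [];
  return {
    pairs,
    setHeader(name, value) { pairs.push([name, value]); },
    end() {},
  };
}

const sampleRes = fakeResponse();
withCrossDomainPolicy((req, r) => r.end())({}, sampleRes);
console.log(auditCrossDomainPolicy(sampleRes.pairs));
console.log(auditCrossDomainPolicy([["Content-Type", "text/html"]]));
console.log(auditCrossDomainPolicy([["x-permitted-cross-domain-policies", "master-only"]]));
```

The same wrapper can be passed to http.createServer, and the audit function can be fed the header pairs of a captured response during a deployment check.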

In 2017, Adobe announced it would discontinue support for Flash, meaning you most ...