A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat, permission to handle data across domains. When a client requests content hosted on a source domain, and that content makes requests directed at a domain other than its own, the remote domain must host a cross-domain policy file that grants access to the source domain before the client can proceed with the transaction. A meta-policy is generally declared in the master policy file. Those who cannot write to the root directory can instead declare a meta-policy with the X-Permitted-Cross-Domain-Policies response header.


Enablement in Apache:

Add one of the following lines to the website's “.htaccess” or “httpd.conf” file, using plain ASCII double quotes around the value:

Header set X-Permitted-Cross-Domain-Policies "master-only"

Header set X-Permitted-Cross-Domain-Policies "none"


Enablement in Nginx:

Add one of the following lines to the “nginx.conf” file:

add_header "X-Permitted-Cross-Domain-Policies" "master-only";

add_header X-Permitted-Cross-Domain-Policies none;
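To confirm what a server actually sends after either configuration is applied, the check below audits a raw response header block. It is an added example, not code from the original page; the function names, result labels and sample responses are constructed for illustration, and the value list beyond "none" and "master-only" comes from Adobe's cross-domain policy specification rather than from this page.

```python
# Added example: audit X-Permitted-Cross-Domain-Policies in raw response headers.
HEADER = "x-permitted-cross-domain-policies"
# Meta-policy values from Adobe's cross-domain policy specification (assumption:
# this page itself only shows "none" and "master-only").
KNOWN = {"none", "master-only", "by-content-type", "by-ftp-filename",
         "all", "none-this-response"}
# The two values this page configures.
EXPECTED = {"none", "master-only"}


def header_values(raw_headers):
    """Return every value of the header, in order, from a raw header block."""
    values = []
    for line in raw_headers.splitlines()[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == HEADER:
            values.append(value.strip().strip('"').lower())
    return values


def audit(raw_headers):
    """Classify a response: 'ok', 'missing', 'conflict', 'invalid' or 'review'."""
    values = header_values(raw_headers)
    if not values:
        return "missing"
    if len(set(values)) > 1:
        return "conflict"       # e.g. both nginx add_header lines left active
    value = values[0]
    if value not in KNOWN:
        return "invalid"        # e.g. typographic quotes that ended up in the value
    return "ok" if value in EXPECTED else "review"


# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "apache_none": "HTTP/1.1 200 OK\r\nX-Permitted-Cross-Domain-Policies: none\r\n",
    "nginx_both": ("HTTP/1.1 200 OK\r\n"
                   "X-Permitted-Cross-Domain-Policies: master-only\r\n"
                   "X-Permitted-Cross-Domain-Policies: none\r\n"),
    "curly_quotes": "HTTP/1.1 200 OK\r\nX-Permitted-Cross-Domain-Policies: \u201cnone\u201d\r\n",
    "value_all": "HTTP/1.1 200 OK\r\nX-Permitted-Cross-Domain-Policies: all\r\n",
    "no_header": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label}: {audit(raw)}")
```
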

