Most popular variants of the header value (we only show this when there's just a bunch of variants):

Header used by Adobe Flash engine to control cross-site access for Flash applications. Most websites not using Flash would prefer to set it with the value of none as an additional precaution against using them in advanced Flash-based XSS vectors. Flash-serving websites can use them to declare the scope of detailed Flash cross-site policies per Adobe specification.


We have seen 2753 websites setting the X-Permitted-Cross-Domain-Policies HTTP header and 19 unique values of this header.

Fully automated RESTful API is now available. Subscribe for your free trial today!