Most popular variants of the header value (we only show this when there's just a bunch of variants):

Header used by Adobe Flash engine to control cross-site access for Flash applications. Most websites not using Flash would prefer to set it with the value of none as an additional precaution against using them in advanced Flash-based XSS vectors. Flash-serving websites can use them to declare the scope of detailed Flash cross-site policies per Adobe specification.


We have seen 1237 websites setting the X-Permitted-Cross-Domain-Policies HTTP header and 14 unique values of this header.