Using Adobe products like PDF, Flash, etc.?
You can implement this header to instruct the browser on how to handle the requests over a cross-domain. By implementing this header, you restrict loading your site’s assets from other domains to avoid resource abuse.
There are a few options available.
|none||no policy is allowed|
|master-only||allow only the master policy|
|all||everything is allowed|
|by-content-only||Allow only a certain type of content. Example – XML|
|by-ftp-only||applicable only for an FTP server|
If you don’t want to allow any policy.
Header set X-Permitted-Cross-Domain-Policies "none"
You should see the header like the following.
And, let’s say you need to implement master-only then add the following in
add_header X-Permitted-Cross-Domain-Policies master-only;
And the result.