Description

The application does not send the X-Permitted-Cross-Domain-Policies header, or sets it to an insecure value.

Impact

Allows harmful requests from Adobe Flash or PDF documents.

Recommendation

Unless the application requires Adobe products, set the X-Permitted-Cross-Domain-Policies header to none in the server responses.

Threat

Unauthorized attacker from the Internet.

Expected Remediation Time

⏱️ 30 minutes.