
OWASP is recommending x-permitted-cross-domain header. I have gone through many websites and blogs and didn't get to know the difference between x-permitted-cross-domain and CORS. Since I have implemented CORS, is it required to have x-permitted-cross-domain header?

Kindly help.

  • See also [Does the X-Permitted-Cross-Domain-Policies header have any benefit for my website if I'm not using Adobe products?](https://security.stackexchange.com/questions/166024/does-the-x-permitted-cross-domain-policies-header-have-any-benefit-for-my-websit) – Sjoerd Mar 22 '19 at 11:01
  • Hi @Sjoerd, your mentioned ticket does not have the answer I am looking for. Kindly provide some solid reference. Thanks in advance. – Pawan Dwivedee Mar 22 '19 at 11:17
  • @PawanDwivedee: The answer to the mentioned question is pretty clear when you need this header *"If your project is not using Flash and pdf, there is no need for that header."*. If this does not fit your question of *"Since I have implemented CORS, is it required to have x-permitted-cross-domain header?"* then it is unclear for me what you are actually asking. – Steffen Ullrich Mar 22 '19 at 11:22
  • Thanks @Steffen, now it is clear by mentioning that it is for Flash and PDF only. – Pawan Dwivedee Mar 26 '19 at 05:30
