The cross-domain policy file specification

cross-domain policy file is an XML document that grants a web client—such as Adobe Flash Player, Adobe Reader, etc.—permission to handle data across multiple domains. When a client hosts content from a particular source domain and that content makes requests directed towards a domain other than its own, the remote domain would need to host a cross-domain policy file that grants access to the source domain, allowing the client to continue with the transaction. Policy files grant read access to data, permit a client to include custom headers in cross-domain requests, and are also used with sockets to grant permissions for socket-based connections.

For complete details, download the cross-domain policy file specification below. The specification is a reference for the structure and use of cross-domain policy files. This information can be used by developers and content providers to make sure their applications and servers conform to the rules set forth by policy files defined in this manner.

Read the specification:


Schemas describe the structure of a document. The cross-domain policy file schema is available as DTD (Document Type Definition) or XSD (XML Schema Definition). XSDs are available to define the generic policy file schema, as well as each different type of policy file (either HTTP, HTTPS, FTP, or Socket) since policy files hosted in each of those contexts, are slightly different. Table 1 lists all available schemas for policy files.

Policy file DTDs and schemas