Information Low Vega has detected that the resource has specified an insecure Flash cross-domain policy. The crossdomain.xml file has set Allow-Access-From domain attributes to wildcard values for entire top-level domains. This means that there are no domain-based restrictions on cross-site requests originating from these top-level domains. The affected resource will accept cross-site request from any sub-domain within the top-level domains specified in domain attributes. If the affected cross-domain policy is the master policy for the whole domain then this will affect any resources within the entire domain. Set a cross-domain policy that accepts requests only from specific trusted domains. Adobe Flash Player security - Website controls (policy files)