Information Info Vega has detected that the resource has specified an insecure Flash cross-domain policy. The crossdomain.xml file has set the domain attribute for allow-http-request-headers-from to a wildcard value. This means that the resource does place domain-based restrictions on HTTP headers in cross-domain requests. Configure the cross-domain policy file to accept HTTP headers only from specific trusted domains. Adobe Flash Player security - Website controls (policy files)