Information Low Vega has detected that the resource has specified an insecure Flash cross-domain policy. The crossdomain.xml file has set the allow-http-request-headers-from secure attribute to "false". This will permit HTTPS-based resources to accept cross-domain requests over unencrypted HTTP. This will eliminate any security benefits gained from using HTTPS, potentially facilitating man-in-the-middle attacks or eavesdropping of sensitive information. Set the secure attribute to "true" in the allow-http-request-headers-from configuration setting of the policy file. Adobe Flash Player security - Website controls (policy files)