<?xml version="1.0"?>
<cross-domain-policy>
    <!-- Place top level domain name -->
    <allow-access-from domain="yourdomain.com" secure="false"/>
    <allow-access-from domain="yourdomain.com" to-ports="80,443" /> 
    <allow-http-request-headers-from domain="yourdomain.com" headers="*" />
    <!-- use if you need access from subdomains. testing/www/staging.domain.com -->
    <allow-access-from domain="*.yourdomain.com" secure="false"/>
    <allow-access-from domain="*.yourdomain.com" to-ports="80,443" /> 
    <allow-http-request-headers-from domain="*.yourdomain.com" headers="*" />
</cross-domain-policy>