Rich media developer's guide

Load external assets across domains

When you add a domain to your website's crossdomain.xml file, any Flash file hosted within that domain can access data belonging to users logged into your website. Due to this, you should generally not add advertising network hosts to crossdomain.xml files on websites that contain authenticated functionality such as user profiles.


You want to load assets (like SWFs) and data (like RSS feeds) into your creatives from your own or other non-DoubleClick servers.


When you host files on your own server, each impression served for the creative counts as a request to your server. Make sure that your server can handle the extra bandwidth. If it can't, the server may crash and cause errors in your creative.

Set up the correct cross-domain policy file on the server hosting the data.

A cross-domain policy file is an XML file that provides a way for the server to indicate that its data and documents are available to SWF files served from some or all domains. Any SWF file that's served from a domain specified by the server's policy file is permitted to access data or assets from that server.

Policy files must be named crossdomain.xml and reside at the root directory of the server that's serving the file and must allow connections from either:

  • All domains using * notation, or
  • The different domains that DoubleClick Rich Media creatives are served from. Files can be served from a number of different domains depending on their type. So all possible domains must be added to the policy file.

For more information about the structure of this XML file, see:

How to

Below is a list of the DoubleClick domains that you can copy into your own crossdomain policy file, or you can download a policy file that contains the domains listed here.

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "
  <allow-access-from domain="*" secure="false"/>
  <allow-access-from domain="*" secure="false"/>
  <allow-access-from domain="*" secure="false"/>

  <allow-access-from domain="*" secure="true"/>

  <allow-access-from domain="*" secure="true"/>
  <allow-access-from domain="*" secure="false"/>
  <allow-access-from domain="*" secure="true"/>
  <allow-access-from domain="*" secure="true"/>
  <allow-access-from domain="*" secure="false"/>

When you use this method, your movie must be published as Flash version 7 or above.
Android-style image of the author of this page

Sarah is a DoubleClick Studio expert and author of this help page. Help her improve this article by leaving feedback below.

Was this article helpful?