<?xml version="1.0"?>
<cross-domain-policy>
	<allow-access-from domain="*.oprah.com" secure="false" />
  <allow-access-from domain="*.harpo.com" secure="false" />
  <allow-http-request-headers-from domain="*.harpo.com" headers="*" secure="false"/>
  <allow-http-request-headers-from domain="*.oprah.com" headers="*" secure="false"/>

</cross-domain-policy>