So here is my problem. I am using loadermax to load a number of child swfs. Everything works absolutely fine when the host page of the parent swf is call http (non secure) but if the page is called using https (secure) then the content and functions of the child swfs are not available. I know that this is because of the flash security settings and it is treating the secure host domain as a separate domain from the child swf. I have a crossdomain.xml policy file in the root of the domain (and yes it is all 1 domain) which is:- <?xml version="1.0" ?> <cross-domain-policy> <allow-access-from domain="ww.domain.com" secure="true" /> </cross-domain-policy> but I have also tried :- <allow-access-from domain="*" /> In the constructor of the associated class of the child swfs I have :- Security.allowDomain("www.domain.com") and in the invocation code of the parent swf I have :- <param name="allowScriptAccess" value="always" /> This should allow the secure called parent swf to access the non secure child swf content.....but it doesn't. Again I re-iterate that the application works just fine if the parent swf is called non secure. what have I missed?