Why should X-Permitted-Cross-Domain-Policies be master-only only

Why should **X-Permitted-Cross-Domain-Policies** be **master-only** only?

Why not just **none**?

See:
https://owasp.org/www-project-secure-headers/#x-permitted-cross-domain-policies

https://github.com/dionach/HeadersAnalyzer/blob/master/HeadersAnalyzer.py#L551