Add Required Domains to Allow List for Block Page Bypass and Allow-Only Modes

Available Languages

Download Options

  • PDF     (16.5 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (86.2 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (72.9 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:August 25, 2025
Document ID:224706

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes required domains for allow list configuration to ensure website functionality in Block Page Bypass and Allow-Only modes.

    Add Domains to Allow List for Service Functionality

    To ensure that specific websites function correctly when using Block Page Bypass or Allow-Only mode in Cisco Umbrella, you must add certain domains to your allow list.

    Step-by-Step Procedure

    1. Identify Required Domains

    1. Review the services in the tables in this document.
    2. Locate the corresponding domains for each service you want to allow.

    2. Add Domains to the Allow List

    1. Log in to your Cisco Umbrella Dashboard.
    2. Navigate toPolicy>Policy Components>Destination Lists.
    3. Select the applicable destination list or create a new one.
    4. Add the required domains for each service to your allow list.

    3. Apply and Verify Changes

    1. Clear your browser cache.
    2. Wait several minutes for policy changes to take effect.
    3. Test website functionality for the affected services.
    4. If the websites do not work as expected after adding the domains, open a Cisco Umbrella Support ticket.
    note-icon

    Note: Allow-Only mode applies only to DNS requests, not to HTTP or HTTPS requests. This destination list applies to services in North America. Domain requirements can differ based on language or geographic location

    Allow-Only Mode Domains

    These domains are exclusively affected by Allow-Only mode:

    Service Domains
    google.com ssl.google-analytics.com
    www.google-analytics.com


    Block Page Bypass and Allow-Only Mode Domains

    These domains are services affected by Block Page Bypass and Allow-Only mode.

    Service Domains
    Youtube youtube.com
    www.youtube-nocookie.com
    c.youtube.com
    ytimg.l.google.com
    googlesyndication.com
    ytimg.com
    accounts.google.com</spanm.youtube.com (specific to mobile) googlevideo.com" (mostly for mobile, required for YouTube app for mobile) youtube.l.google.com youtu.be
    Twitter twimg.com
    api.twitter.com
    pic.twitter.com
    dev.twitter.com
    platform.twitter.com
    search.twitter.com
    userstream.twitter.com
    twimg0-a.akamaihd.net
    upload.twitter.com
    api.twitter.com (This provides access to Twitter via the web but redirects to "twitter.com" upon login.)
    Facebook s-static.ak.facebook.com
    static.ak.facebook.com
    graph.facebook.com
    upload.facebook.com
    chat.facebook.com
    apps.facebook.com
    channel.facebook.com
    pixel.facebook.com
    star.facebook.com
    star.c10r.facebook.com
    vupload2.facebook.com
    vupload2.t.facebook.com
    b-api.facebook.com
    facebook.com
    facebook.net
    fbcdn.net
    fbsbx.com
    iTunes itunes.apple.com
    ax.itunes.apple.com
    ax.init.itunes.apple.com
    albert.apple.com
    gs.apple.com
    phobos.apple.com
    mzstatic.com
    akamai.net
    Amazon/td> ssl-images-amazon.com
    eBay ebaystatic.com
    ebayimg.com
    ebayrtm.com
    LogMeIn logmein.com
    logmein-gateway.com
    secure.logmein.com
    wt.logmein.com
    akadns.net
    content.logmein.com
    svr-ov-crl.thawte.com
    crl.verisign.net
    ocsp.thawte.com
    ocsp.verisign.net
    Linkedin linkedin.com
    edge.quantserve.com
    secure-us.imrworldwide.com
    b.scorecardresearch.com
    pixel.quantserve.comlicdn.com
    Vimeo vimeo.com
    vimeocdn.com
    Yahoo Messenger messenger.yahoo.com
    msg.edit.yahoo.com
    msg.yahoo.com
    webcam.yahoo.com
    vc.yahoo.com
    Windows Live Messenger login.live.com
    contacts.msn.com
    storage.msn.com
    c.msn.com
    messenger.msn.com
    g.msn.com
    crl.microsoft.com
    messenger.hotmail.com
    rsi.hotmail.com
    sqm.microsoft.com
    messenger.live.com
    rad.msn.com
    spaces.live.com
    dp.msnmessenger.akadns.com
    echo.edge.messenger.live.com
    livefilestore.com
    Microsoft OneDrive akadns.net
    akamai.net
    edgesuite.net
    live.com
    live.net
    mesh.com
    microsoft.com
    msn.com
    nexus.passport.com
    nsatc.net
    verisign.com
    windows.com
    windowsupdate.com
    windowsupdate.nsatc.net
    Google Chat xmpp-server.l.google.com
    chatenabled.mail.google.com
    talkgadget.google.com
    talk.google.com
    talks.l.google.com
    Google Talk talkx.l.google.com
    talk.l.google.com
    talk.google.com
    Google Drive www.google.com
    accounts.google.com
    clients3.google.com
    talk.google.com
    drive.google.com
    www.googleapis.com
    ssl.gstatic.com
    docs.google.com
    drive.google.com
    googleusercontent.com
    s.ytimg.com
    video.google.com
    lh3.google.com
    lh4.google.com
    lh5.google.com
    lh6.google.com
    Reddit ssl.reddit.com (specifically for login functionality)
    gql.reddit.com 
    alb.reddit.com
    Office Depot a1014.g.akamai.net cdn.edgesuite.net cdn.mplxtms.com secure-cdn.mplxtms.com odcdn.comofficedepot.comstatic.www.odcdn.com.edgekey.net [Business section] business.officedepot.com.edgekey.net e3489.cd.akamaiedge.net
    Monster.com newjobs.com
    cookie.monster.com (specifically for login functionality)
    oas.monster.com (specifically for login functionality)
    Spotify Browser  Player akamaiedge.net
    ap.spotify.com
    apresolve.spotify.com
    cdn.betrad.com
    cloudfront.net
    d2c87l0yth4zbw.cloudfront.net
    embed.spotify.com
    gslb.spotify.com
    l.betrad.com
    play.spotify.com
    play.spotify.edgekey.net
    spapps.co
    spapps.spotify.edgekey.net
    Netflix btstatic.com
    customerevents.netflix.com
    movies.netflix.com
    nccp.netflix.com
    nflxext.com
    nflximg.com
    nflximg.net
    nflxvideo.net
    secure.netflix.com

    For a more updated list, please see this Netflix .txt resource
    Dropbox

    For the current list, please see this article from Dropbox: What official domains does Dropbox use?
    Pinterest pinterest.com
    s-media-cache-ak0.pinimg.com
    s-passets-cache-ak0.pinimg.com
    pinimg.com
    Slack slack.com
    a.slack-edge.com
    Box Please see this article for a list of domains from Box support: Configuring A Firewall for Box Applications

    Revision History

    Revision Publish Date Comments
    1.0
    28-Aug-2025
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products