Bypass list

​Akamai​ maintains a list of domains that bypass ETP Proxy for compliance and performance reasons.

There are also applications that send non-web traffic such as Session Initiation Protocol (SIP) or XMPP over TLS, utilize certificate pinning, or are incompatible with the TLS MITM certificate that is generated or uploaded in ETP and required for ETP Proxy. ETP offers a policy setting that allows you to allow or block domains that use an unsupported protocol or are incompatible. By default, the Block Incompatible Domains policy setting is not enabled. As a result, these domains bypass ETP Proxy. To block these domains, see Allow or block domains incompatible with TLS MITM certificate.

📘

If you enable the Block Incompatible Domains setting, the ​Akamai​ domains listed in this table are not blocked.

Policy conflicts may occur if multiple lists are assigned to a policy and they contain domains from the bypass list. To learn more about policy conflicts, see Policy conflicts.

​Akamai​ frequently evaluates this list and may add more domains. The bypass list currently contains these domains.

Service

Domain

​Akamai​

  • akamai.com
  • akamaihd.net
  • akamaietp.net
  • akamaiedge.net
  • edgekey.net
  • akanev.net
  • akaetp.net
  • akamaietpmitmbypasstest.com
  • akamaized.net
  • akamai-access.com
  • aktrials.com
  • akamaitechnologies.com
  • akadns.net
  • akamaiapis.net
  • etp-research.info

Apple

  • apple.com
  • mzstatic.com
  • setup.icloud.com
  • gateway.icloud.com

Cisco

  • webex.com
  • wbx2.com
  • ciscospark.com
  • webexcontent.com

Dropbox

  • client.dropbox.com
  • d.dropbox.com
  • dropboxstatic.com
  • telemetry.dropbox.com
  • dl-debug.dropbox.com
  • client-web.dropbox.com
  • bolt.dropbox.com
  • dropboxapi.com

Google

  • mail-attachment.googleusercontent.com
  • apidata.googleusercontent.com
  • googlevideo.com
  • mtalk.google.com
  • accounts.google.com
  • accounts.youtube.com
  • googleapis.com
  • googlehosted.l.googleusercontent.com
  • ssl.gstatic.com

Microsoft

  • activity.windows.com
  • crl.microsoft.com
  • msftncsi.com
  • msftconnecttest.com

Okta

  • okta.com
  • oktacdn.com

Online Certificate Status Protocol

  • ocsp.digicert.com
  • ocsp.identrust.com
  • ocsp.affirmtrust.com
  • ocsp.comodoca.com
  • ocsp.comodoca2.com
  • ocsp.comodoca3.com
  • ocsp.comodoca4.com
  • ocsp.entrust.net
  • ocsp.geotrust.com
  • ocsp.globalsign.com
  • ocsp.godaddy.com
  • ocsp.netsolssl.com
  • ocsp.omniroot.com
  • ocsp.quovadisglobal.com
  • ocsp.root-x1.letsencrypt.org
  • ocsp.starfieldtech.com
  • ocsp.startssl.com
  • ocsp.swisssign.net
  • ocsp.thawte.com
  • ocsp.trust-provider.com
  • ocsp.trustwave.com
  • ocsp.usertrust.com
  • ocsp.verisign.com
  • ocsp.wosign.com
  • ocsp.ws.symantec.com
  • ocsp1.wosign.com
  • ocsp2.wosign.cn

Other

  • ooklaserver.net
  • lastline.com
  • morganstanleyclientserv.com
  • hostupdate.vmware.com
  • duo.com
  • duosecurity.com
  • cloudsink.net

Did this page help you?