Bypass list

‚ÄčAkamai‚Äč maintains a list of domains that bypass ‚ÄčSIA‚Äč Proxy for compliance and performance reasons.

There are also applications that send non-web traffic such as Session Initiation Protocol (SIP) or XMPP over TLS, utilize certificate pinning, or are incompatible with the TLS MITM certificate that is generated or uploaded in ‚ÄčSIA‚Äč and required for ‚ÄčSIA‚Äč Proxy. ‚ÄčSIA‚Äč offers a policy setting that allows you to allow or block domains that use an unsupported protocol or are incompatible. By default, the Block Incompatible Domains policy setting is not enabled. As a result, these domains bypass ‚ÄčSIA‚Äč Proxy. To block these domains, see Allow or block domains incompatible with TLS MITM certificate.

ūüďė

If you enable the Block Incompatible Domains setting, the ‚ÄčAkamai‚Äč domains listed in this table are not blocked.

Policy conflicts may occur if multiple lists are assigned to a policy and they contain domains from the bypass list. To learn more about policy conflicts, see Policy conflicts.

‚ÄčAkamai‚Äč frequently evaluates this list and may add more domains. The bypass list currently contains these domains.

ServiceDomain
‚ÄčAkamai‚Äč
  • akamai.com
  • akamaihd.net
  • akamaietp.net
  • akamaiedge.net
  • edgekey.net
  • akanev.net
  • akaetp.net
  • akamaietpmitmbypasstest.com
  • akamaized.net
  • akamai-access.com
  • aktrials.com
  • akamaitechnologies.com
  • akadns.net
  • akamaiapis.net
  • etp-research.info

Apple
  • apple.com
  • mzstatic.com
  • setup.icloud.com
  • gateway.icloud.com

Cisco
  • webex.com
  • wbx2.com
  • ciscospark.com
  • webexcontent.com

Dropbox
  • client.dropbox.com
  • d.dropbox.com
  • dropboxstatic.com
  • telemetry.dropbox.com
  • dl-debug.dropbox.com
  • client-web.dropbox.com
  • bolt.dropbox.com
  • dropboxapi.com

Google
  • mail-attachment.googleusercontent.com
  • apidata.googleusercontent.com
  • googlevideo.com
  • mtalk.google.com
  • accounts.google.com
  • accounts.youtube.com
  • googleapis.com
  • googlehosted.l.googleusercontent.com
  • ssl.gstatic.com

Microsoft
  • activity.windows.com
  • crl.microsoft.com
  • msftncsi.com
  • msftconnecttest.com

Okta
  • okta.com
  • oktacdn.com

Online Certificate Status Protocol
  • ocsp.digicert.com
  • ocsp.identrust.com
  • ocsp.affirmtrust.com
  • ocsp.comodoca.com
  • ocsp.comodoca2.com
  • ocsp.comodoca3.com
  • ocsp.comodoca4.com
  • ocsp.entrust.net
  • ocsp.geotrust.com
  • ocsp.globalsign.com
  • ocsp.godaddy.com
  • ocsp.netsolssl.com
  • ocsp.omniroot.com
  • ocsp.quovadisglobal.com
  • ocsp.root-x1.letsencrypt.org
  • ocsp.starfieldtech.com
  • ocsp.startssl.com
  • ocsp.swisssign.net
  • ocsp.thawte.com
  • ocsp.trust-provider.com
  • ocsp.trustwave.com
  • ocsp.usertrust.com
  • ocsp.verisign.com
  • ocsp.wosign.com
  • ocsp.ws.symantec.com
  • ocsp1.wosign.com
  • ocsp2.wosign.cn

Other
  • ooklaserver.net
  • lastline.com
  • morganstanleyclientserv.com
  • hostupdate.vmware.com
  • duo.com
  • duosecurity.com
  • cloudsink.net