This page contains lists of domains for which configuring a bypass rule is recommended to ensure SSL Inspection does not break traffic to these domains.

When using Cloud Web Security, the SSL Inpsection feature ensures that all traffic is SSL decrypted and then inspected by default.

Some traffic can be disrupted when having a “man in the middle” for its traffic in the manner that SSL Inspection works. This includes traffic using certificate pinning, Mutual TLS (mTLS) and some using WebSockets. To ensure Cloud Web Security does not break these kinds of traffic, a user can configure exceptions to this default SSL Inspection rule, which would allow the traffic to bypass SSL Inspection.
Note: To configure an SSL Inspection bypass rule, please see Configuring a Security Policy.

Below are some of the domains that are known to break SSL Inspection. It is recommended to create rules to bypass these domains:

Table 1. Microsoft Domains
cdm.microsoft.com
download.microsoft.com
media-assetcatalog.microsoft.com
mediadiscovery.microsoft.com
mp.microsoft.com
musicimage.xboxlive.com
ntservicepack.microsoft.com
sls.microsoft.com
store-images.microsoft.com
store-images.s-microsoft.com
update.microsoft.com
windowsupdate.microsoft.com
wustat.windows.com
Table 2. Apple Domains
api.apps.apple.com
configuration.apple.com
ess.apple.com
gc.apple.com
gsa.apple.com
gsas.apple.com
icloud.com
identity.apple.com
itunes.apple.com
ls.apple.com
mzstatic.com
smoot.apple.com
smp-device-content.apple.com
swcdn.apple.com
swscan.apple.com
swdist.apple.com
swdownload.apple.com
swquery.apple.com
xp.apple.com
Table 3. Conferencing Domains
anymeeting.com
ciscowebex.com
clickwebinar.com
freeconferencecall.com
gotoassist.com
gotomeeting.com
gotomypc.com
gototraining.com
gotowebinar.com
hostjoin.me
omnovia.com
on24.com
readytalk.com
skype.com
webex.com
zoom.com
zoom.us*
Note: Zoom has multiple domain names specific to the region where the user is located. Please add a bypass rule appropriate to your region.