Comprehensive Domain & Service Whitelist
This KB outlines the steps necessary to whitelist the Empath platform in your browser and network settings to ensure proper tracking of course progression and functionality of embedded content.
Summary
This document provides a comprehensive list of all external domains and services that must be allowed through network filters, firewalls, ad blockers, and DNS filtering tools for the Empath platform to function correctly.
Why this matters: Users running tools like Perimeter 81, uBlock Origin, Privacy Badger, Pi-hole, NextDNS, Cisco Umbrella, or enterprise browser policies frequently experience issues ranging from failed logins to broken video playback and missing UI elements. Whitelisting the domains below resolves these issues.
Quick-Copy Allow List (All Required Domains)
Copy and paste this flat list into your filtering tool's allow list:
app.empathmsp.com
api-v2.empathmsp.com
empathmsp.com
*.us.frontegg.com
api.us.frontegg.com
customer-pbkwsh8u7tv1cfs9.cloudflarestream.com
*.cloudflarestream.com
*.videodelivery.net
vimeo.com
player.vimeo.com
api.vimeo.com
youtube.com
www.youtube.com
youtu.be
*.appsync-api.us-east-1.amazonaws.com
*.appsync-realtime-api.us-east-1.amazonaws.com
*.execute-api.us-east-1.amazonaws.com
empath-api-prod-assets.s3.us-east-1.amazonaws.com
empath-api-prod-assets.s3.amazonaws.com
app.posthog.com
*.ingest.sentry.io
www.clarity.ms
js.hs-scripts.com
*.hubspot.com
*.hs-analytics.net
*.hsforms.com
*.hscollectedforms.net
*.hubapi.com
*.hs-banner.com
js.chargebee.com
*.chargebee.com
embed-814018711.sleekplan.app
*.sleekplan.app
login.microsoftonline.com
graph.microsoft.com
learn.microsoft.com
fonts.googleapis.com
fonts.gstatic.com
cdn.jsdelivr.net
unpkg.com
*.add-to-calendar-pro.com
Detailed Breakdown by Category
1. Empath Core Domains (Required)
These are the primary Empath platform domains.
| Domain | Purpose |
|---|---|
app.empathmsp.com |
Main application |
api-v2.empathmsp.com |
REST API backend |
empathmsp.com |
Main website and help center |
If blocked: The platform will not load at all, or API calls will fail causing blank pages and broken features.
2. Authentication - Frontegg (Critical)
Frontegg powers all login, SSO, session management, and user identity for Empath. This is the most common source of issues with network filters.
| Domain | Purpose |
|---|---|
*.us.frontegg.com |
Authentication provider (wildcard covers all tenants) |
empathmsp.us.frontegg.com |
Production authentication tenant |
api.us.frontegg.com |
Frontegg API |
If blocked: Users will experience login failures, infinite redirect loops, sessions expiring unexpectedly, "unauthorized" errors, or inability to switch tenants. This is the #1 issue reported by users with network filtering tools.
3. AWS Infrastructure
Empath's backend services run on AWS. These domains handle API calls, real-time updates, and file storage.
| Domain | Purpose |
|---|---|
*.appsync-api.us-east-1.amazonaws.com |
GraphQL API |
*.appsync-realtime-api.us-east-1.amazonaws.com |
WebSocket connections (real-time updates) |
*.execute-api.us-east-1.amazonaws.com |
API Gateway / proxy endpoints |
empath-api-prod-assets.s3.us-east-1.amazonaws.com |
File storage (thumbnails, documents, SCORM packages) |
empath-api-prod-assets.s3.amazonaws.com |
File storage (alternate URL) |
If blocked: Course content won't load, file uploads/downloads will fail, real-time notifications won't work, and SCORM packages won't launch.
4. Video Delivery - Cloudflare Stream
Cloudflare Stream is the primary video hosting and delivery platform for Empath course content.
| Domain | Purpose |
|---|---|
customer-pbkwsh8u7tv1cfs9.cloudflarestream.com |
Video streaming delivery |
*.cloudflarestream.com |
Cloudflare Stream (wildcard) |
*.videodelivery.net |
Cloudflare Stream alternate CDN |
If blocked: Course videos will not play. The video player will show a loading spinner indefinitely or display an error. Video uploads from content admins will also fail.
5. Video Embeds - Vimeo
Some course content uses embedded Vimeo videos.
| Domain | Purpose |
|---|---|
vimeo.com |
Vimeo video platform |
player.vimeo.com |
Vimeo embedded player |
api.vimeo.com |
Vimeo API (video metadata) |
If blocked: Vimeo-hosted lesson videos will not play or will show a blank frame.
6. Video Embeds - YouTube
YouTube videos can be embedded in courses and livestream content.
| Domain | Purpose |
|---|---|
youtube.com / www.youtube.com |
YouTube video platform |
youtu.be |
YouTube short links |
If blocked: YouTube-embedded lessons and playlist-imported courses will not play.
7. Analytics & Monitoring
These services help the Empath team monitor platform health, track errors, and improve the user experience.
| Domain | Purpose |
|---|---|
app.posthog.com |
Product analytics and feature flags |
*.ingest.sentry.io |
Error tracking and performance monitoring |
www.clarity.ms |
Microsoft Clarity session analytics |
If blocked: While the core platform will still function, PostHog also powers feature flags, so blocking it may cause some features to not appear or behave unexpectedly. Error reporting to the Empath team will also be disrupted, making it harder to diagnose issues.
8. Support Chat - HubSpot
The in-app support chat bubble in the lower-right corner is powered by HubSpot.
| Domain | Purpose |
|---|---|
js.hs-scripts.com |
HubSpot chat widget script |
*.hubspot.com |
HubSpot platform |
*.hs-analytics.net |
HubSpot analytics |
*.hsforms.com |
HubSpot forms |
*.hscollectedforms.net |
HubSpot form collection |
*.hubapi.com |
HubSpot API |
*.hs-banner.com |
HubSpot consent banner |
If blocked: The support chat bubble will not appear, and users won't be able to reach Empath support directly from within the platform. If you need support and chat is blocked, email support@empathmsp.com instead.
9. Billing - Chargebee
Chargebee handles subscription management and billing within Empath.
| Domain | Purpose |
|---|---|
js.chargebee.com |
Chargebee billing widget |
*.chargebee.com |
Chargebee platform |
If blocked: Subscription management pages will not load. Users will be unable to view or modify their billing information.
10. Feedback Portal - Sleekplan
The Feedback section of Empath uses Sleekplan for feature requests and voting.
| Domain | Purpose |
|---|---|
embed-814018711.sleekplan.app |
Sleekplan feedback widget |
*.sleekplan.app |
Sleekplan platform |
If blocked: The Feedback page will show a blank iframe instead of the feedback portal.
11. Microsoft Integrations
Empath integrates with Microsoft for SSO and Microsoft Learn course content.
| Domain | Purpose |
|---|---|
login.microsoftonline.com |
Microsoft OAuth authentication |
graph.microsoft.com |
Microsoft Graph API |
learn.microsoft.com |
Microsoft Learn content (external links) |
If blocked: Microsoft Learn integration will not work. Users who authenticate via Microsoft SSO will be unable to log in.
12. Fonts & CDN Resources
These domains deliver fonts and JavaScript libraries required by the platform.
| Domain | Purpose |
|---|---|
fonts.googleapis.com |
Google Fonts stylesheet |
fonts.gstatic.com |
Google Fonts file delivery |
cdn.jsdelivr.net |
SCORM player library |
unpkg.com |
JavaScript library CDN |
If blocked: The platform will render with fallback fonts (visually degraded). SCORM course packages may fail to launch or track progress incorrectly.
13. Calendar Integration
| Domain | Purpose |
|---|---|
*.add-to-calendar-pro.com |
Add-to-Calendar button for livestream events |
If blocked: The "Add to Calendar" button on livestream events will not function.
Common Symptoms When Domains Are Blocked
| Symptom | Likely Blocked Domain(s) |
|---|---|
| Can't log in / login loops | *.us.frontegg.com, login.microsoftonline.com |
| Videos don't play | *.cloudflarestream.com, *.videodelivery.net, vimeo.com, youtube.com |
| Blank pages or API errors | api-v2.empathmsp.com, *.execute-api.us-east-1.amazonaws.com |
| Support chat missing | js.hs-scripts.com, *.hubspot.com |
| Billing page broken | js.chargebee.com |
| Feedback page blank | *.sleekplan.app |
| SCORM courses won't launch | cdn.jsdelivr.net, *.s3.amazonaws.com |
| Features missing or behaving oddly | app.posthog.com (feature flags) |
| Fonts look wrong | fonts.googleapis.com, fonts.gstatic.com |
| File downloads fail | empath-api-prod-assets.s3.us-east-1.amazonaws.com |
| Microsoft Learn not working | login.microsoftonline.com, graph.microsoft.com |
Instructions by Filtering Tool Type
Network Firewalls (Perimeter 81, Cisco Umbrella, Zscaler)
- Add all domains from the Quick-Copy Allow List above to your web filtering policy
- Ensure HTTPS inspection/SSL decryption is configured to trust traffic to these domains
- If using category-based filtering, ensure "SaaS Applications," "Cloud Storage," and "Streaming Media" categories are allowed
- Pay special attention to
*.us.frontegg.comas auth traffic is the most commonly disrupted
Browser Ad Blockers (uBlock Origin, AdBlock, Privacy Badger)
- Add
app.empathmsp.comto your extension's trusted/whitelisted sites list - This typically disables all blocking rules for the Empath domain
- In uBlock Origin: click the extension icon while on Empath, then click the power button to disable for the site
- In Privacy Badger: click the extension icon while on Empath, then click "Disable for this site"
DNS Filtering (Pi-hole, NextDNS, Cloudflare Gateway)
- Add all domains from the Quick-Copy Allow List to your DNS allow list
- Wildcard entries (e.g.,
*.us.frontegg.com) may need to be added as individual domains depending on your DNS filter - If your tool supports regex, you can use patterns like
.*\\.frontegg\\.com$
Enterprise Browser Policies (Intune, GPO)
- Ensure the domains above are added to the browser's "Allowed Sites" or cookie exception list
- Verify that third-party cookie policies permit
*.us.frontegg.comfor authentication - Ensure iframes are permitted for
*.sleekplan.app,vimeo.com, andyoutube.com
Privacy-Focused Browsers (Brave, DuckDuckGo Browser)
- Add
app.empathmsp.comto the browser's Shields/protection exceptions - In Brave: visit Empath, click the Brave Shields icon in the address bar, and toggle shields down for the site
Troubleshooting Tip
If you're unsure whether a network filter is causing issues, test in a clean/vanilla browser profile:
- Open a private/incognito window with all extensions disabled
- Navigate to
app.empathmsp.comand log in - If the issue resolves, a browser extension or network filter is the cause
- Re-enable extensions one at a time to identify the culprit
Alternatively, test in Microsoft Edge with default settings (no extensions), as it provides a reliable baseline.
Need Help?
If you continue to experience issues after whitelisting these domains:
- Use the in-app chat bubble (if visible) to contact support
- Email
support@empathmsp.com - Include: your browser name/version, any extensions installed, your network filtering tool name, and a description of the issue
Loom Guide:
https://www.loom.com/share/e6f968fc897341a18f801f15dc207c2a
Last updated: March 27, 2026
This list is maintained by the Empath Product & Engineering team and will be updated as new services are added.