Posted by on November 4, 2016

If you’re using some kind of script blocker in your browser–and you should be–some websites can be very difficult to configure properly. Every script blocker I’ve used will show you a list of hosts and/or domains from which the current website is attempting to load scripts.¬†But sometimes, even though you’ve allowed every script that shows up in the list, it still won’t work unless you disable the script blocker altogether.

Here’s what I do to resolve this problem:

1. View the web page source and make a list of the domains for every referenced hostname. You might not need them all, but at least write them all down.
2. Add the domains that you are willing to trust to your script blocker’s white list. If you want to be more conservative, add them one at a time until the page works the way you want.

Here’s a list of domains that I have whitelisted to get various Microsoft login pages to¬†function:

afx.ms
aspnetcdn.com
aspnetcdn.com
bing.com
gfx.ms
hotmail.com
live.com
microsoft.com
microsoftazuread-sso.com
microsoftonline.com
microsoftonline-p.com
microsoftstore.com
microsofttranslator.com
msecnd.net
msocdn.com
office.com
office365.com
onedrive.com
onedrive.net
onenote.com
onestore.ms
optimizely.com
outlook.com
schema.org
sfx.ms
skydrive.com
s-microsoft.com
s-msft.com
visualstudio.com

I use ScriptSafe, which requires each domain name to be prefixed with “**.” if you want to blanketly trust all subdomains.

Posted in: Malware, Security

Comments

Be the first to comment.

Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*