Adobe hosted domains:
- *.adobe.com
- *.adobe.io
- *.adobecc.com
- *.adobecces.com
- *.adobeccstatic.com
- *.adobedtm.com
- *.adobeexchange.com
- *.adobegenuine.com
- *.adobegov.com
- *.adobe-identity.com
- *.adobejanus.com
- *.adobelogin.com
Last updated on
Read on to find URLs and domains that must be accessible on ports 80 and 443 for relevant Adobe applications and services to function correctly.
The minimal allowlist
If you are looking for a minimum set of domains to be allowed, allowing the following top-level domains will get you going:
- *.adobeoobe.com
- *.adobeprojectm.com
- *.adobesc.com
- *.adobesc.com
- *.adobe-services.com
- *.adobess.com
- *.adobesunbreak.com
- *.adobetag.com
- *.behance.net
- *.ftcdn.net
- *.typekit.com
- *.typekit.net
- slp-statics.astockcdn.net
Amazon Web Services:
- *.s3.amazonaws.com
- s3.amazonaws.com/tron-ffc-icons-prod/
- gocart-web-prod-*.elb.amazonaws.com
Other third-party domains:
- *.cloudfront.net
- firebase-settings.crashlytics.com
- firebase*.googleapis.com
- wss://speech.platform.bing.com
- *.arkoselabs.com
Read on to find exhaustive lists of fully qualified domain names that are required to run specific Adobe services.
Downloadable allowlist
You can download the complete list of fully qualified URLs and domains here.
The downloaded file has the timestamp in its name. So each time you download it, you can save the file and use it later to compare it (using any file comparison tool) to a newer version. The comparison will give you a list of domains that Adobe has added or removed.
Following is how you can compare two files to know what has changed:
-
When you notice a change in the last updated date of the page (mentioned below the page title at the top of the page), download the list again.
-
The downloaded files have a timestamp in their names.
Use a file comparison tool (like Notepad++) to compare the latest file with the one you used or referred to last.The difference you see between the two files is what has changed since you last downloaded the allowlist. Domains that are not present in the previously downloaded file, consider adding them to your allowlist.
You may also consider removing or disallowing any domains that Adobe has removed from this list.
Note:
If you maintain your own certificate store, ensure it is updated with the latest Amazon Root CAs. Learn more here.
Exhaustive allowlists with fully qualified domains
All Adobe services
Licensing-activation services:
- lm.licenses.adobe.com
- resources.licenses.adobe.com
- cs.licenses.adobe.com
- exception.licenses.adobe.com
- pubcerts.licenses.adobe.com
- workflow.licenses.adobe.com
- auth.services.adobe.com
Deployment and fulfillment services:
- adminconsole.adobe.com
- cc-ext-prod-pkgs.s3.amazonaws.com
- ccmdls.adobe.com
- ccmdl.adobe.com
- ans.oobesaas.adobe.com
- ars.oobesaas.adobe.com
- cdn-ffc.oobesaas.adobe.com
- ffc-icons.oobesaas.adobe.com
- ffc-static-cdn.oobesaas.adobe.com
- prod-rel-ffc-ccm.oobesaas.adobe.com
- acc.adobeoobe.com
- prod.acp.adobeoobe.com
- mir-s3-cdn-cf.behance.net
- swupmf.adobe.com
- swupdl.adobe.com
- oobe.adobe.com
- productrouter.adobe.com
- s3.amazonaws.com
- s3.amazonaws.com/tron-ffc-icons-prod/
- tron-prod-customized-user-packages.s3.amazonaws.com
- armmf.adobe.com
- ardownload.adobe.com (HTTP only)
- ardownload2.adobe.com (HTTPS only)
- agsupdate.adobe.com
Adobe-hosted authentication services:
- ims-na1.adobelogin.com
- ims-prod06.adobelogin.com
- ims-prod07.adobelogin.com
- static.adobelogin.com
- delegated.adobelogin.com
- adobeid.services.adobe.com
- adobeid-na1.services.adobe.com
- auth.services.adobe.com
- federatedid-na1.services.adobe.com
- na1e-acc.services.adobe.com
- na1e.services.adobe.com
- na1r.services.adobe.com
- ad.adobe-identity.com
- ids-proxy.account.adobe.com
- lcs-cops.adobe.io
- lcs-robs.adobe.io
- lcs-entitlement.adobe.io
- lcs-ulecs.adobe.io
- ams.adobe.com
- oobe.adobe.com
- adobelogin.prod.ims.adobejanus.com
- services.prod.ims.adobejanus.com
- www-prod.adobesunbreak.com
Additional Services used for Adobe IDs:
- api-cna01.adobe-services.com
- supportanyware.adobe.io
Adobe Genuine Integrity Service:
- genuine.adobe.com
- prod.adobegenuine.com
- gocart-web-prod-*.elb.amazonaws.com
Adobe Application Manager:
- www.adobe.com
Sign in user experience:
- acc-learn.adobe.com
- acc-learn.adobe.io
- acc.adobeoobe.com
- accounts.adobe.com
- acp-ss-ue1.adobe.io
- adobe-api.arkoselabs.com
- adobe-verify.arkoselabs.com
- api.account.adobe.com
- api.typekit.com
- cc-api-data.adobe.io
- cc-api-storage.adobe.io
- client-api.arkoselabs.com
- client-verify.arkoselabs.com
- crs.cr.adobe.com
- data.typekit.net
- fonts.adobe.com
- helpx.adobe.com
- mir-s3-cdn-cf.behance.net
- notify.adobe.io
- oobe.adobe.com
- p.typekit.net
- p13n.adobe.io
- p13n-mr.adobe.io
- polka.typekit.com
- prod.adobeccstatic.com
- public.adobecc.com
- scss.adobesc.com
- ss-prod-ue1-notif-16.aws.adobess.com
- sstats.adobe.com
- state.typekit.net
- use.typekit.net
- wwwimages.adobe.com
- wwwimages2.adobe.com
Updater:
- armmf.adobe.com
- ardownload.adobe.com
- http://armdl.adobe.com/
- a3.behance.net
- a5.behance.net
- account.adobe.com
- accounts.adobe.com
- acp-ss-an1.adobe.io
- acp-ss-ew1.adobe.io
- acp-ss-ue1.adobe.io
- acp-ss.adobe.io
- *.adbecrsl.com
- *.adbephotos.com
- adminconsole.adobe.com
- adobe.ly
- adobeid-na1.services.adobe.com
- adobesearch.adobe.io
- ans.oobesaas.adobe.com
- api.account.adobe.com
- api.typekit.com
- appregistry.adobe.io
- aps-web.adobe.io
- ars.oobesaas.adobe.com
- as.ftcdn.net
- as1.ftcdn.net
- as2.ftcdn.net
- assets-cdn.adobe.com
- assets-helper.adobe.io
- assets.adobe.com
- assets.fonts.adobe.com
- audios.ftcdn.net
- auth.services.adobe.com
- awenroll.adobe.com
- byof.adobe.io
- cc-api-behance.adobe.io
- cc-api-cp.adobe.io
- cc-api-data.adobe.io
- cc-api-storage.adobe.io
- cc-cdn.adobe.com
- cc-collab.adobe.io
- cc-ext-prod-pkgs.s3.amazonaws.com
- ccext-cdn.adobecces.com
- ccext-public.adobe.io
- ccext-static.adobecces.com
- ccext.adobe.io
- ccext.adobecces.com
- cchome.adobe.io
- cclibraries-defaults-cdn.adobe.com
- ccprojects-va6.adobe.io
- ccprojects.adobe.io
- cctypekit.adobe.io
- cdn-ffc.oobesaas.adobe.com
- cdn-sharing.adobecc.com
- cdn.cp.adobe.io
- client.messaging.adobe.com
- comments.adobe.io
- community.adobe.com
- connect.ffc.adobeoobe.com
- creativecloud.adobe.com
- *.creativecloud.com
- crs.cr.adobe.com
- cvs.adobe.com
- d32a1iuc7x840y.cloudfront.net
- d3gnp5fs6fu2h7.cloudfront.net
- dnzuu5synxxfk.cloudfront.net
- data.typekit.net
- dc-api.adobe.io
- design-assets.adobeprojectm.com
- ds-an1.adobe.io
- ds-ew1.adobe.io
- ds-ue1.adobe.io
- ds.adobe.io
- exchange.adobe.com
- faster.typekit.net
- ffc-static-cdn.oobesaas.adobe.com
- firebase-settings.crashlytics.com
- firebaseinstallations.googleapis.com
- firebaselogging-pa.googleapis.com
- fonts.adobe.com
- genuine.adobe.com
- geo.adobe.com
- geo2.adobe.com
- helpx.adobe.com
- ic.adobe.io
- ids-proxy.account.adobe.com
- illustrator.adobe.com
- image.adobe.io
- ims-na1.adobelogin.com
- ims-prod06.adobelogin.com
- ims-prod07.adobelogin.com
- indd.adobe.com
- invitations.adobe.io
- landing.adobe.com
- lcs-cops.adobe.io
- lcs-robs.adobe.io
- libraries.adobe.io
- lightroom.adobe.com
- links.adobe.io
- livecreate-an1.adobe.io
- livecreate-ew1.adobe.io
- livecreate-ue1.adobe.io
- *.macromedia.com
- mail.adobegov.com
- mir-s3-cdn-cf.behance.net
- na1e-acc.services.adobe.com
- notify.adobe.io
- odin.adobe.com
- *.omniture.com
- oobe.adobe.com
- p.typekit.net
- p13n.adobe.io
- pgc.adobe.io
- photos.adobe.io
- photoshop.adobe.com
- platform-assets.typekit.net
- platform-cs-va6.adobe.io
- platform-cs.adobe.io
- polka.typekit.com
- presence-an1.adobe.io
- presence-ew1.adobe.io
- presence-ue1.adobe.io
- preview.illustrator.adobe.com
- prod-rel-ffc-ccm.oobesaas.adobe.com
- prod.adobeccstatic.com
- prod.wam.adobe.com
- psweb-cd.adobe.io
- public.adobecc.com
- s.ftcdn.net
- scss.adobesc.com
- server.messaging.adobe.com
- sensei.adobe.io
- sharedcloud-production-us-east-1-data-asset.s3.amazonaws.com
- sharedcloud-production-us-east-1-data-temp.s3.amazonaws.com
- slp-statics.astockcdn.net
- ss-prod-an1-notif-13-aws.adobess.com
- ss-prod-an1-notif-16.aws.adobess.com
- ss-prod-ew1-notif-13-aws.adobess.com
- ss-prod-ew1-notif-16.aws.adobess.com
- ss-prod-ue1-notif-13-aws.adobess.com
- ss-prod-ue1-notif-16.aws.adobess.com
- ss-prod-ue1-notif-79.aws.adobess.com
- state.typekit.net
- static-assets.photoshop.adobe.com
- static.adobelogin.com
- stock-landing-pages.adobe.io
- stock.adobe.com
- t3.ftcdn.net
- t4.ftcdn.net
- udps.adobe.com
- ui.messaging.adobe.com
- use.typekit.com
- use.typekit.net
- utut-service.adobe.com
- v.ftcdn.net
- workflow.licenses.adobe.com
- wss://livecreate-ue1.adobe.io
- wss://presence-ue1.adobe.io
- wss://speech.platform.bing.com
- www.adobe.com
- wwwimages.adobe.com
- wwwimages2.adobe.com
- xd-cdn.adobecces.com
- xd.adobe.com
- xdce.adobe.io
For a list of domains that you must allow for Acrobat, see here.
Services accessed from Creative Cloud applications
Click the required Adobe-hosted service to see the domains you must allow:
Applies to: After Effects, Dreamweaver, Illustrator, InDesign, Muse, Photoshop, Premiere Pro, Adobe XD
- *.adobesc.com
- cc-collab.adobe.io
- cc-api-cp.adobe.io
- comments.adobe.io
- sharedcloud-production*.s3.amazonaws.com
- acpprodva7apollo.blob.core.windows.net/acp-prod-va7-data*
- platform-cs*.adobe.io
- acp-ss-*.adobe.io
- *.adobess.com
- ccext.adobecces.com
- p13n.adobe.io
Applies to: After Effects, Illustrator, InDesign, Photoshop, Premiere Pro, Adobe XD
- cc-api-storage*.adobe.io
- assets.adobe.com
- assets2.adobe.com
- helpx.adobe.com
- fonts.adobe.com
- use.typekit.net
- adobeexchange.com
- *.adobesc.com
- cc-collab.adobe.io
- adbemdigitalmediarebootprod2.112.2o7.net
- polka.typekit.com
- wwwimages2.adobe.com
- sstats.adobe.com
- assets.adobedtm.com
- cdn.tt.omtrdc.net
- api.demandbase.com
- *.ftcdn.net
- *.behance.net
- dpm.demdex.net
- cc-api-image.adobe.io/createagc
- cc-api-image-x.adobe.io/agctosvg
- platform-cs*.adobe.io
- acp-ss-*.adobe.io
- *.adobess.com
- invitations.adobe.io
- public.adobecc.com
- libraries.adobe.io
Note:
Library Services have a dependency on Adobe Stock Services.
Applies to: After Effects, Illustrator, InDesign, Photoshop, Premiere Pro
- stock.adobe.com
- *.astockcdn.net
- ims-na1.adobelogin.com
- adobeid-na1.services.adobe.com
- cc-api-assets.adobe.io
- a3.behance.net
- a5.behance.net
- api.behance.net
- adobe.demdex.net
- sstats.adobe.com
- dpm.demdex.net
- assets.adobedtm.com
- adobe.tt.omtrdc.net
- as.ftcdn.net
- as1.ftcdn.net
- as2.ftcdn.net
- p.typekit.net
- use.typekit.net
- store1.adobe.com
- adobe.com
- bam.nr-data.net
- *.adobe.io
- *.s3*.amazonaws.com
- *.ftcdn.net
- bat.bing.com
- c.betrad.com
- c.evidon.com
- googleads.g.doubleclick.net
- js-agent.newrelic.com
- snap.licdn.com
- www.everestjs.net
- www.facebook.com
- www.googleadservices.com
- www.googletagmanager.com
- wwwimages2.adobe.com
- match.prod.bidr.io
- scripts.demandbase.com
- cdn.inpwrd.net
- ct.pinterest.com
- d9.flashtalking.com
- pixel.quantserve.com
- 9212252.fls.doubleclick.net
Applies to: After Effects, Dreamweaver, Illustrator, InDesign, Muse, Photoshop, Premiere Pro
- fonts.adobe.com
- api.typekit.com
- use.edgefonts.net
- adobetag.com
- adobe.demdex.net
- ans.oobesas.adobe.com
Applies to: All
- api.adobe.io
Applies to: Adobe Audition, Dreamweaver, Flash, Professional, Illustrator, InCopy, InDesign, Lightroom, Muse, Photoshop, Prelude, Premiere Pro
- adobeexchange.com/api
Applies to: All
| Licensing services for desktop applications that use activation services |
|
| Services used for registering Adobe IDs that are delegated product |
|
| Required by Adobe Application Manager |
|
| The site for IT Staff to administer Adobe Enterprise IDs and Creative Cloud for enterprise entitlements |
|
| Required by Adobe Genuine Integrity Service |
|
Applies to: After Effects, Premiere Pro, Prelude, Adobe Media Encoder
- adobe.com
- amazonaws.com
- adobe.io
- cc-api-sharedproductions-prerelease.adobe.io
- cc-api-teamprojects.adobe.io
- cc-api-teamprojects-ue1.adobe.io
- cc-api-teamprojects-ew1.adobe.io
- cc-api-teamprojects-an1.adobe.io
- docs.aws.amazon.com/general/latest/gr/
- rande.html#s3_region
Applies to: Premiere Pro
- adobe.com
- adobe.io
- adobe-voice.adobe.io
- adobe-voice-va7.adobe.io
- adobe-voice-nld2.adobe.io
- blob.core.windows.net
Applies to: Photoshop, Behance
- cai.adobe.io
- cai-identity.adobe.io
- policy.adobe.io
- cai-msb.adobe.io
- cai-manifests.adobe.com
Applies to: Lightroom
- oz-prod-masters.s3.us-west-2.amazonaws.com
- oz-prod-proxies.s3.us-west-2.amazonaws.com
- oz-prod-proxies-video-1080p.s3.us-west-2.amazonaws.com
- oz-prod-proxies-video-1080p-bt709.s3.us-west-2.amazonaws.com
- oz-prod-proxies-video-1080p709.s3.us-west-2.amazonaws.com
- oz-prod-proxies-video-360p.s3.us-west-2.amazonaws.com
- oz-prod-proxies-video-fullsize.s3.us-west-2.amazonaws.com
- revel-prod-us-west-2.s3.us-west-2.amazonaws.com
- oz-prod-asset-aux.s3.us-west-2.amazonaws.com
- oz-prod-cr-params.s3.us-west-2.amazonaws.com
- directstorage.adbephotos.com
- oz-prod-versions.s3.us-west-2.amazonaws.com
Applies to: Photoshop
- sensei.adobe.io/services/v2/predict
- image.adobe.io/sensei/mask
- image.adobe.io/utils/storage?num=2
Creative Cloud services accessed from browsers
Click the required browser-based service to see the list of domains you must allow:
Applies to: All
- adobe.com
- assets.adobe.com
- assets2.adobe.com
- creative.adobe.com
- express.adobe.com
- myportfolio.com
- api.account.adobe.com
Applies to: After Effects, Illustrator, InDesign, Photoshop, Premiere Pro, Adobe Bridge
- stock.adobe.com
- *.astockcdn.net
- ims-na1.adobelogin.com
- adobeid-na1.services.adobe.com
- cc-api-assets.adobe.io
- a3.behance.net
- api.behance.net
- adobe.demdex.net
- sstats.adobe.com
- dpm.demdex.net
- assets.adobedtm.com
- adobe.tt.omtrdc.net
- as.ftcdn.net
- as1.ftcdn.net
- as2.ftcdn.net
- fonts.adobe.com
- p.typekit.net
- use.typekit.net
- store1.adobe.com
- adobe.com
- bam.nr-data.net
- *.adobe.io
- *.s3*.amazonaws.com
- *.ftcdn.net
- bat.bing.com
- c.betrad.com
- c.evidon.com
- googleads.g.doubleclick.net
- js-agent.newrelic.com
- snap.licdn.com
- www.everestjs.net
- www.facebook.com
- www.googleadservices.com
- www.googletagmanager.com
- wwwimages2.adobe.com
- match.prod.bidr.io
- scripts.demandbase.com
- cdn.inpwrd.net
- ct.pinterest.com
- d9.flashtalking.com
- pixel.quantserve.com
- 9212252.fls.doubleclick.net
Applies to: Creative Cloud Desktop, Illustrator, InDesign, Photoshop
- prosite.com
Applies to: Premiere Pro, Prelude
- story.adobe.com
Applies to: Dreamweaver
- build.phonegap.com
Applies to: Creative Cloud Desktop, After Effects, Dreamweaver, Illustrator, InDesign, Muse, Photoshop, Premiere Pro
- fonts.adobe.com
- typekit.com
- use.typekit.net
- use.typekit.com
- p.typekit.net
- data.typekit.net
- state.typekit.net
- polka.typekit.net
- polka.typekit.com
- api.typekit.com
- dnzuu5synxxfk.cloudfront.net
Applies to: Dreamweaver, Muse
- businesscatalyst.com
Applies to: InDesign
- digitalpublishing.acrobat.com
Applies to: Photoshop, Illustrator, InDesign, After Effects, Flash Pro
- color.adobe.com
Applies to: Frame.io, Premiere Pro, After Effects
To allow access to Frame.io and associated services:
- app.frame.io
- api.frame.io
- socket.frame.io
- s3.amazonaws.com
- s3-us-west-2.amazonaws.com
- frameio-application-production.s3-accelerate.amazonaws.com
- frameio-assets-production.s3-accelerate.amazonaws.com
- d24n15hnbwhuhn.cloudfront.net
To use the Frame.io app on the web, Adobe Premiere Pro, After Effects, or any other integration:
- *.frame.io
- *.f.io
- frameio-application-production.s3-accelerate.amazonaws.com
- frameio-assets.s3.amazonaws.com
- frameio-assets-production.s3-accelerate.amazonaws.com
- wss://sockets.frame.io
- applications.frame.io
Allow the following, if you're unable to allow *.frame.io:
- activate.frame.io
- assets.frame.io
- accounts.frame.io
- picture.frame.io
- stream.frame.io
- drm.frame.io
- static-assets.frame.io
- app.frame.io
- support.frame.io
- transferapp.frame.io
- external-assets.frame.io
To allow external provides for payment, in-app support chat, analytics, product tours, and application monitoring:
- checkout.stripe.com
- js.stripe.com
- m.stripe.network
- js.intercomcdn.com
- widget.intercom.io
- static.intercomassets.com
- nexus-websocket-a.intercom.io
- nexus-websocket-b.intercom.io
- wss://nexus-websocket-a.intercom.io
- wss://nexus-websocket-b.intercom.io
- cdn.segment.io
- api.segment.io
- d24n15hnbwhuhn.cloudfront.net
- google-analytics.com
- fast.appcues.com
- api.appcues.net
- my.appcues.com
- sentry.io
- adminconsole.adobe.com
- *.services.adobe.com
- prod.acp.adobeoobe.com
- lcs-entitlement.adobe.io/v1/user
- lcs-entitlement.adobe.io/v1/trial
- lcs-cops.adobe.io
- lcs-robs.adobe.io
- lcs-entitlement.adobe.io
- lcs-ulecs.adobe.io
- licensing.adobe.com
- adobe.com
- wwwimages.adobe.com
- store.adobe.com
- store1.adobe.com
- store2.adobe.com
- store3.adobe.com
- photoshop.com
Third-party domains
These domains can be accessed by one or more of the Creative Cloud creative applications. They are optionally included to complement a user’s experience with Creative Cloud.
- access.imageclub.com
- play.google.com
- www.flickr.com
- chrome.google.com
- soundcloud.com
- www.freedb.org
- developer.apple.com
- subversion.tigris.org
- www.ietf.org
- framework.zend.com
- windowsupdate.com
- digicert.com
- geotrust.com
- globalsign.com
- godaddy.com
- twitter.com
- www.microsoft.com
- ftp.yourdomain.com
- www.amazon.com
- www.mp3licensing.com
- itunes.apple.com
- www.apple.com
- www.python.org
- jquerymobile.com
- www.color.org
- omniroot.com
- symantec.com
- symcb.com
- symcd.com
- www.rulesforuse.org
- maps.google.com
- www.eclipse.org
- www.shutterfly.com
- msdn.microsoft.com
- www.facebook.com
- www.zoomify.com
- www.evidon.com
- www.betrad.com
- *.uservoice.com
- thawte.com
- verisign.com
- api.mapbox.com
- worldsecuresystems.com
- adobe-oobe-prod-data-store-ue1.s3.amazonaws.com
- cc-ext-prod-pkgs.s3.amazonaws.com
- encoded-videos-0.s3.amazonaws.com
- fotolia-prod-3dobjects.s3.amazonaws.com
- fotolia-prod-audios-originals.s3.amazonaws.com
- fotolia-prod-templates.s3.amazonaws.com
- fotolia-prod-videos-0.s3.eu-west-1.amazonaws.com
- fotolia-prod-vectors.s3.eu-west-1.amazonaws.com
- gocart-web-prod-*.elb.amazonaws.com
- sharedcloud-production-us-east-1-data-asset.s3.amazonaws.com
- stock-apex-images-prod-ew1.s3.eu-west-1.amazonaws.com
- stock-vip-processed-prod-irl1.s3.eu-west-1.amazonaws.com
- thumbs-0.s3.amazonaws.com
- tron-prod-customized-user-packages.s3.amazonaws.com
- videos-0.s3-eu-central-1.amazonaws.com
- cc-ext-prod-pkgs.s3.amazonaws.com/Extensions/**
Regional domains
Many of the domains listed above use geography-specific aliases or IP addresses. Ensure that your firewall supports aliases.
Also, Adobe services are hosted redundantly across several servers in different regions. These hosts are subject to change for various reasons, such as system load. We do not recommend the use of IP addresses for allowing or blocking access. The IP addresses will likely be incorrect quickly after implementation - potentially within hours. In addition, the IP address information will vary depending on geographical location, and any records used will be incorrect from another location.
Join the conversation
If you have any questions or observations about the topics, concepts, or procedures described in this article, join the discussion.
Sign in to your account