# Network/Email Firewall Configuration {% hint style="info" %} This documentation is intended for Enterprise IT Administrators. If you are a user seeing network connection errors, please get in touch with your IT Administrator and provide this page.\ \ Questions? Contact {% endhint %} ## Network Firewall Configuration PixieBrix initiates outgoing HTTPS network connections. PixieBrix does not use/require incoming requests. ### Outgoing Network Traffic Allowlist For PixieBrix to function properly, outgoing traffic to the following origins must be allowlisted: * `https://*.pixiebrix.com`, or the specific origins: * `https://app.pixiebrix.com`: *required for all users* * `https://static.pixiebrix.com`: *required for all users* * `https://docs.pixiebrix.com`: documentation portal, recommended for mod developers and admins * `https://www.pixiebrix.com`: website and templates, recommended for mod developers * `https://*.browser-intake-datadoghq.com`: error telemetry endpoint required for all users * `https://*.cloudflare-ech.com` : Cloudflare [Encrypted Client Hello (ECH) endpoint](https://developers.cloudflare.com/ssl/edge-certificates/ech/). Read more about [ECH for security here](https://blog.cloudflare.com/announcing-encrypted-client-hello/) * `https://cdn.jsdelivr.net` : CDN serving [Bootstrap](https://www.jsdelivr.com/package/npm/bootstrap-icons) and [Simple Icon](https://www.jsdelivr.com/package/npm/simple-icons) libraries. Required for mods that use built-in icons **If you are automatically installing via a** [browser-extension-installation-policy](https://docs.pixiebrix.com/enterprise-it-setup/browser-extension-installation-and-configuration/browser-extension-installation-policy "mention"), **you must allowlist access to the Chrome extension update site and content CDN:** * `https://clients2.google.com/service/update2/crx` * `https://clients2.googleusercontent.com/*` **If your users are performing a manual browser extension install from the Chrome Web Store, you must also allow traffic to the following Chrome Web Store listing URLs and the Chrome extension update site:** * **Chrome Web Store Download Endpoints** * `https://clients2.google.com/service/update2/crx` * `https://clients2.googleusercontent.com/*` * **Chrome Web Store Listing URLs** * **Extension Release Channel - Stable** * `https://chrome.google.com/webstore/detail/pixiebrix/mpjjildhmpddojocokjkgmlkkkfjnepo` * `https://chromewebstore.google.com/detail/pixiebrix/mpjjildhmpddojocokjkgmlkkkfjnepo` * **Extension Release Channel - BETA** * `https://chrome.google.com/webstore/detail/pixiebrix-beta/mpapkmgkphbggmlekkfnoilmafnbfile` * `https://chromewebstore.google.com/detail/pixiebrix-beta/mpapkmgkphbggmlekkfnoilmafnbfile` #### IP Address Ranges PixieBrix uses Cloudflare as a Content Delivery Network (CDN) and for DDoS protection. As of August 2025, PixieBrix utilizes the following IPv4/IPv6 addresses: ``` 162.159.142.40 172.66.2.36 2606:4700:7::21c 2a06:98c1:58::21c ``` ## Email Firewall Email is required for admins/managers to receive system alerts. Additionally, PixieBrix sends emails to team members when using Login with Email (aka "Magic Links") ### Incoming Email Domain Allowlist The following domains must be allowlisted: * `pixiebrix.com` ### Incoming System Email IP Address Allowlist System emails are sent from the following IP addresses (updated July 1, 2023): * `149.72.154.34` ## Frequently Asked Questions (FAQs) ### Is PixieBrix compatible with ZScaler? PixieBrix is compatible with ZScaler. However, you must allowlist the outgoing traffic domains listed above under Outgoing Network Traffic. ZScaler’s authentication header/URL re-writing is known to intermittently break request authentication.