If your company employs security measures like a firewall or proxy server, you should add the following URLs, ports, and protocols to an allowlist to ensure Copilot works as expected:
GitHub public URLs
| Domain and/or URL | Purpose |
|---|---|
https://github.com/login/* | Authentication |
https://github.com/enterprises/YOUR-ENTERPRISE/* | Authentication for managed user accounts, only required with Enterprise Managed Users |
https://api.github.com/user | User Management |
https://api.github.com/copilot_internal/* | User Management |
https://copilot-telemetry.githubusercontent.com/telemetry | Telemetry |
https://collector.github.com/* | Analytics telemetry |
https://default.exp-tas.com | Telemetry |
https://copilot-proxy.githubusercontent.com | API service for Copilot suggestions |
https://origin-tracker.githubusercontent.com | API service for Copilot suggestions |
https://*.githubcopilot.com/*1 | API service for Copilot suggestions |
https://*.individual.githubcopilot.com2 | API service for Copilot suggestions |
https://*.business.githubcopilot.com3 | API service for Copilot suggestions |
https://*.enterprise.githubcopilot.com4 | API service for Copilot suggestions |
https://*.SUBDOMAIN.ghe.com | For Copilot users on GHE.com |
https://SUBDOMAIN.ghe.com | For Copilot users on GHE.com |
Depending on the security policies and editors your organization uses, you may need to allowlist additional domains and URLs. For more information on specific editors, see Further reading.
Every user of the proxy server or firewall also needs to configure their own environment to connect to Copilot. See Configuring network settings for GitHub Copilot.
Copilot coding agent recommended allowlist
The Copilot coding agent includes a built-in firewall with a recommended allowlist that is enabled by default. The recommended allowlist allows access to:
- Common operating system package repositories (for example, Debian, Ubuntu, Red Hat).
- Common container registries (for example, Docker Hub, Azure Container Registry, AWS Elastic Container Registry).
- Packages registries used by popular programming languages (C#, Dart, Go, Haskell, Java, JavaScript, Perl, PHP, Python, Ruby, Rust, Swift).
- Common certificate authorities (to allow SSL certificates to be validated).
- Hosts used to download web browsers for the Playwright MCP server.
For more information about configuring the Copilot coding agent firewall, see Customizing or disabling the firewall for GitHub Copilot coding agent.
The allowlist allows access to the following hosts:
Azure Infrastructure: Metadata Service
168.63.129.16
Certificate Authorities: DigiCert
crl3.digicert.comcrl4.digicert.comocsp.digicert.com
Certificate Authorities: Symantec
ts-crl.ws.symantec.comts-ocsp.ws.symantec.coms.symcb.coms.symcd.com
Certificate Authorities: GeoTrust
crl.geotrust.comocsp.geotrust.com
Certificate Authorities: Thawte
crl.thawte.comocsp.thawte.com
Certificate Authorities: VeriSign
crl.verisign.comocsp.verisign.com
Certificate Authorities: GlobalSign
crl.globalsign.comocsp.globalsign.com
Certificate Authorities: SSL.com
crls.ssl.comocsp.ssl.com
Certificate Authorities: IdenTrust
crl.identrust.comocsp.identrust.com
Certificate Authorities: Sectigo
crl.sectigo.comocsp.sectigo.com
Certificate Authorities: UserTrust
crl.usertrust.comocsp.usertrust.com
Container Registries: Docker
172.18.0.1ghcr.ioregistry.hub.docker.com*.docker.io*.docker.comproduction.cloudflare.docker.comauth.docker.ioquay.iomcr.microsoft.comgcr.iopublic.ecr.aws
GitHub: Content & API
*.githubusercontent.comraw.githubusercontent.comobjects.githubusercontent.comlfs.github.comgithub-cloud.githubusercontent.comgithub-cloud.s3.amazonaws.comcodeload.github.comscanning-api.github.comapi.mcp.github.comuploads.github.com/copilot/chat/attachments/
GitHub: Actions Artifact Storage
productionresultssa0.blob.core.windows.netproductionresultssa1.blob.core.windows.netproductionresultssa2.blob.core.windows.netproductionresultssa3.blob.core.windows.netproductionresultssa4.blob.core.windows.netproductionresultssa5.blob.core.windows.netproductionresultssa6.blob.core.windows.netproductionresultssa7.blob.core.windows.netproductionresultssa8.blob.core.windows.netproductionresultssa9.blob.core.windows.netproductionresultssa10.blob.core.windows.netproductionresultssa11.blob.core.windows.netproductionresultssa12.blob.core.windows.netproductionresultssa13.blob.core.windows.netproductionresultssa14.blob.core.windows.netproductionresultssa15.blob.core.windows.netproductionresultssa16.blob.core.windows.netproductionresultssa17.blob.core.windows.netproductionresultssa18.blob.core.windows.netproductionresultssa19.blob.core.windows.net
Programming Languages & Package Managers: C# / .NET
nuget.orgdist.nuget.orgapi.nuget.orgnuget.pkg.github.comdotnet.microsoft.compkgs.dev.azure.combuilds.dotnet.microsoft.comdotnetcli.blob.core.windows.netnugetregistryv2prod.blob.core.windows.netazuresearch-usnc.nuget.orgazuresearch-ussc.nuget.orgdc.services.visualstudio.comdot.netdownload.visualstudio.microsoft.comdotnetcli.azureedge.netci.dot.netwww.microsoft.comoneocsp.microsoft.comwww.microsoft.com/pkiops/crl/
Programming Languages & Package Managers: Dart
pub.devpub.dartlang.orgstorage.googleapis.com/pub-packages/storage.googleapis.com/dart-archive/
Programming Languages & Package Managers: Go
go.devgolang.orgproxy.golang.orgsum.golang.orgpkg.go.devgoproxy.iostorage.googleapis.com/proxy-golang-org-prod/
Programming Languages & Package Managers: Haskell
haskell.org*.hackage.haskell.orgget-ghcup.haskell.orgdownloads.haskell.org
Programming Languages & Package Managers: Java
www.java.comjdk.java.netapi.adoptium.netadoptium.netsearch.maven.orgmaven.apache.orgrepo.maven.apache.orgrepo1.maven.orgmaven.pkg.github.commaven-central.storage-download.googleapis.commaven.google.commaven.oracle.comjcenter.bintray.comoss.sonatype.orgrepo.spring.iogradle.orgservices.gradle.orgplugins.gradle.orgplugins-artifacts.gradle.orgrepo.grails.orgdownload.eclipse.orgdownload.oracle.com
Programming Languages & Package Managers: Node.js / JavaScript
npmjs.orgnpmjs.comregistry.npmjs.comregistry.npmjs.orgskimdb.npmjs.comnpm.pkg.github.comapi.npms.ionodejs.orgyarnpkg.comregistry.yarnpkg.comrepo.yarnpkg.comdeb.nodesource.comget.pnpm.iobun.shdeno.landregistry.bower.iobinaries.prisma.sh
Programming Languages & Package Managers: Perl
cpan.orgwww.cpan.orgmetacpan.orgcpan.metacpan.org
Programming Languages & Package Managers: PHP
repo.packagist.orgpackagist.orggetcomposer.org
Programming Languages & Package Managers: Python
pypi.python.orgpypi.orgpip.pypa.io*.pythonhosted.orgfiles.pythonhosted.orgbootstrap.pypa.ioconda.binstar.orgconda.anaconda.orgbinstar.organaconda.orgdownload.pytorch.orgrepo.continuum.iorepo.anaconda.com
Programming Languages & Package Managers: Ruby
rubygems.orgapi.rubygems.orgrubygems.pkg.github.combundler.rubygems.orggems.rubyforge.orggems.rubyonrails.orgindex.rubygems.orgcache.ruby-lang.org*.rvm.io
Programming Languages & Package Managers: Rust
crates.ioindex.crates.iostatic.crates.iosh.rustup.rsstatic.rust-lang.org
Programming Languages & Package Managers: Swift
download.swift.orgswift.orgcocoapods.orgcdn.cocoapods.org
Infrastructure & Tools: HashiCorp
releases.hashicorp.comapt.releases.hashicorp.comyum.releases.hashicorp.comregistry.terraform.io
Infrastructure & Tools: JSON Schema
json-schema.orgjson.schemastore.org
Infrastructure & Tools: Playwright
playwright.download.prss.microsoft.comcdn.playwright.devplaywright.azureedge.netplaywright-akamai.azureedge.netplaywright-verizon.azureedge.net
Linux Package Managers: Ubuntu
archive.ubuntu.comsecurity.ubuntu.comppa.launchpad.netkeyserver.ubuntu.comazure.archive.ubuntu.comapi.snapcraft.io
Linux Package Managers: Debian
deb.debian.orgsecurity.debian.orgkeyring.debian.orgpackages.debian.orgdebian.map.fastlydns.netapt.llvm.org
Linux Package Managers: Fedora
dl.fedoraproject.orgmirrors.fedoraproject.orgdownload.fedoraproject.org
Linux Package Managers: CentOS
mirror.centos.orgvault.centos.org
Linux Package Managers: Alpine
dl-cdn.alpinelinux.orgpkg.alpinelinux.org
Linux Package Managers: Arch
mirror.archlinux.orgarchlinux.org
Linux Package Managers: SUSE
download.opensuse.org
Linux Package Managers: Red Hat
cdn.redhat.com
Linux Package Managers: Common Package Sources
packagecloud.iopackages.cloud.google.compackages.microsoft.com
Other
dl.k8s.iopkgs.k8s.io
Further reading
- Network Connections in Visual Studio Code in the Visual Studio documentation
- Install and use Visual Studio and Azure Services behind a firewall or proxy server in the Microsoft documentation
Footnotes
-
Allows access to authorized users regardless of Copilot plan. Do not add this URL to your allowlist if you are using subscription-based network routing. For more information on subscription-based network routing, see Managing GitHub Copilot access to your enterprise's network. ↩
-
Allows access to authorized users via a Copilot Individual plan. Do not add this URL to your allowlist if you are using subscription-based network routing. ↩
-
Allows access to authorized users via a Copilot Business plan. Do not add this URL to your allowlist if you want to use subscription-based network routing to block users from using Copilot Business on your network. ↩
-
Allows access to authorized users via a Copilot Enterprise plan. Do not add this URL to your allowlist if you want to use subscription-based network routing to block users from using Copilot Enterprise on your network. ↩