123 lines
2.4 KiB
Plaintext
123 lines
2.4 KiB
Plaintext
# Third-party host denylist used by find-api-calls.sh --urls.
|
|
#
|
|
# Patterns are extended-regex hostname suffixes / fragments. A host is
|
|
# considered "third-party noise" if any pattern below matches anywhere
|
|
# in the hostname. Lines starting with '#' and blank lines are ignored.
|
|
#
|
|
# This list is intentionally conservative: when a pattern would hide a
|
|
# legitimate first-party host (e.g. an app may run its own *.s3.amazonaws.com
|
|
# bucket), keep the pattern but expect manual review of the bucketed output.
|
|
|
|
# Google / Firebase / Play / Crashlytics
|
|
\.googleapis\.com$
|
|
\.google\.com$
|
|
\.gstatic\.com$
|
|
\.googleusercontent\.com$
|
|
\.googletagmanager\.com$
|
|
\.googlesyndication\.com$
|
|
\.firebaseio\.com$
|
|
\.firebaseapp\.com$
|
|
\.firebaseinstallations\.googleapis\.com$
|
|
\.firebaseremoteconfig\.googleapis\.com$
|
|
\.crashlytics\.com$
|
|
\.app-measurement\.com$
|
|
|
|
# Apple / Microsoft / Adobe
|
|
\.apple\.com$
|
|
\.icloud\.com$
|
|
\.microsoft\.com$
|
|
\.live\.com$
|
|
\.office\.com$
|
|
\.adobe\.com$
|
|
ns\.adobe\.com
|
|
|
|
# Meta
|
|
\.facebook\.com$
|
|
\.fbcdn\.net$
|
|
\.instagram\.com$
|
|
\.whatsapp\.com$
|
|
|
|
# Other social / messaging / video
|
|
\.twitter\.com$
|
|
\.x\.com$
|
|
\.tiktok\.com$
|
|
\.youtube\.com$
|
|
\.youtu\.be$
|
|
\.linkedin\.com$
|
|
\.snapchat\.com$
|
|
\.pinterest\.com$
|
|
\.reddit\.com$
|
|
|
|
# Mobile attribution / analytics / observability
|
|
\.appsflyersdk\.com$
|
|
\.appsflyer\.com$
|
|
\.adjust\.com$
|
|
\.branch\.io$
|
|
\.amplitude\.com$
|
|
\.segment\.com$
|
|
\.mixpanel\.com$
|
|
\.hotjar\.com$
|
|
\.clarity\.ms$
|
|
\.datadoghq\.(com|eu|us)$
|
|
\.sentry\.io$
|
|
\.bugsnag\.com$
|
|
\.newrelic\.com$
|
|
\.instabug\.com$
|
|
\.embrace\.io$
|
|
\.rollout\.io$
|
|
\.launchdarkly\.com$
|
|
|
|
# Push / notifications
|
|
\.onesignal\.com$
|
|
\.urbanairship\.com$
|
|
\.airship\.com$
|
|
|
|
# Support / chat
|
|
\.zendesk\.com$
|
|
\.intercom\.io$
|
|
\.intercomcdn\.com$
|
|
\.helpshift\.com$
|
|
\.salesforce\.com$
|
|
\.freshchat\.com$
|
|
\.kustomerapp\.com$
|
|
|
|
# Payments
|
|
\.stripe\.com$
|
|
\.braintreepayments\.com$
|
|
\.braintreegateway\.com$
|
|
\.payu\.com$
|
|
\.payu\.in$
|
|
\.paypal\.com$
|
|
\.adyen\.com$
|
|
\.checkout\.com$
|
|
\.klarna\.com$
|
|
|
|
# Maps / location
|
|
\.mapbox\.com$
|
|
\.openstreetmap\.org$
|
|
|
|
# Storage / CDN (often third-party even when the bucket name is app-specific)
|
|
\.s3\.amazonaws\.com$
|
|
\.cloudfront\.net$
|
|
\.akamaihd\.net$
|
|
\.akamaized\.net$
|
|
\.fastly\.net$
|
|
\.cloudflare\.com$
|
|
\.azureedge\.net$
|
|
|
|
# DNS / well-known infra
|
|
\.localhost$
|
|
^localhost
|
|
^127\.
|
|
|
|
# Standards / RFCs / placeholders that show up as XML/XMP namespaces
|
|
\.w3\.org$
|
|
\.w3c\.org$
|
|
example\.(com|org|net)$
|
|
|
|
# Certificate authorities
|
|
\.sectigo\.com$
|
|
\.entrust\.com$
|
|
\.digicert\.com$
|
|
\.letsencrypt\.org$
|