Seeing intermittent checkout issues? Add-to-cart not working? Pages failing to load fully, but only when you’re on your office network, yet everything works perfectly at home or on mobile data?
You’re not imagining things.
Corporate firewalls (Sophos, Zscaler, Cisco Umbrella, Fortinet, etc.) quietly block a lot of web scripts, and Magento relies heavily on third-party JS, AJAX calls, and remote services. When one critical script gets blocked, even if it seems unrelated, the entire page can break.
Below are the most common categories and the top 10 services that get blocked and cause Magento sites to malfunction on internal networks.
Analytics & Script Loaders Typically Blocked
These are often classified as “tracking,” “ads,” or “behavior monitoring.”
Top 10 commonly blocked domains:
www.google-analytics.com
www.googletagmanager.com
stats.g.doubleclick.net
connect.facebook.net
analytics.tiktok.com
cdn.segment.com
cdn.amplitude.com
static.hotjar.com
cdn.fullstory.com
cdn.luckyorange.com (Lucky Orange is extremely common)
Impact: tracking pixels fail, but more importantly: JavaScript dies early, GTM never initializes, and Magento modules that rely on bundled scripts silently crash.
Payment, Fraud, & Identity Scripts That Firewalls Love to Kill
These are essential for checkout…when blocked, customers experience freezes, failed submissions, or odd amount issues.
Top 10 commonly blocked domains:
secure.authorize.net
api.authorize.net
centinelapi.cardinalcommerce.com
songbird.cardinalcommerce.com
www.paypal.com
paypalobjects.com
js.stripe.com
api.stripe.com
client-analytics.braintreegateway.com
api.klarna.comImpact:
- Checkout hangs
- “Place Order” button doesn’t respond
- 3DS/AVS checks never complete
- Unexpected full charges vs. pre-auth amounts
- Magento never receives confirmation from the payment gateway
CDNs and Utility Libraries Blocked for No Good Reason
These aren’t sketchy…. but strict corporate filtering doesn’t care.
Top 10 commonly blocked domains:
cdnjs.cloudflare.com
cdn.jsdelivr.net
unpkg.com
fonts.googleapis.com
fonts.gstatic.com
cdn.shopify.com (used indirectly by many extensions)
use.fontawesome.com
ajax.googleapis.com
cdn.rawgit.com
i.vimeocdn.com (prevents embedded videos from loading)Impact: CSS fails, JS libraries fail, layout shifts, theme scripts don’t initialize, hero videos break, and in some cases checkout JS doesn’t load.
Magento Data, AJAX, & API Endpoints Blocked by Over-Eager Filters
These get flagged as “API,” “Unknown,” or “Potential Data Exfiltration.”
Top 10 blocked Magento endpoints:
/customer/section/load/
/rest/default/V1/*
/rest/V1/guest-carts/*
/graphql
/checkout/* AJAX calls
/ajax/* custom endpoints
/api/* custom modules
/static/* (when fingerprinted as JS injection)
/pub/media/* (flagged as mixed content on old networks)
/search/* for Algolia or external SaaS searchImpact:
- Mini-cart won’t update
- Cart totals freeze
- Logged-in state disappears
- Product options don’t load
- Search doesn’t work
- Shipping/payment methods fail to refresh
Heatmaps & Session Replay Tools Frequently Blocked
These are often treated as “surveillance software,” which causes major JS failures.
Top 10 services blocked:
Lucky Orange - cdn.luckyorange.com
Hotjar - static.hotjar.com
FullStory - cdn.fullstory.com
Mouseflow - cdn.mouseflow.com
CrazyEgg - script.crazyegg.com
Smartlook - web-sdk.smartlook.com
Inspectlet - cdn.inspectlet.com
Zoho PageSense - cdn.pagesense.io
Clarity (Microsoft) - www.clarity.ms
Heap - cdn.heapanalytics.comImpact:
Even when “disabled,” these scripts can still attach events and break other JS — causing cart, checkout, and form issues.
Corporate firewalls can be frustrating…. especially when your Magento site works perfectly everywhere except on your company network. If you’re still running into issues, our team can review your logs, check script loading behavior, and help your IT team build the right allowlist.
Still Need Help?
Share: