Reflective NLM is a web application used by your school's students and
teachers. For it to function correctly, the network must allow HTTPS (port 443)
outbound traffic to the domains listed below. All connections are encrypted and
outbound-only.
Core Application
- *.reflectivelearning.co.zaAll subdomains — HTTPS
- reflective-learning-prod.web.appFirebase Hosting — HTTPS
- reflective-learning-prod.firebaseapp.comFirebase Hosting — HTTPS
- reflective-learning-mc-2.web.appFirebase Hosting — HTTPS
- reflective-learning-mc-2.firebaseapp.comFirebase Hosting — HTTPS
Firebase & Google Services (Authentication, Storage, APIs)
- identitytoolkit.googleapis.comFirebase Auth — HTTPS
- securetoken.googleapis.comFirebase Auth tokens — HTTPS
- firebase.googleapis.comFirebase SDK — HTTPS
- firebasestorage.googleapis.comFirebase Storage — HTTPS
- storage.googleapis.comGoogle Cloud Storage — HTTPS
- *.appspot.comApp Engine APIs — HTTPS
CDN & Fonts
- assets.swarmcdn.comVideo streaming CDN — HTTPS
- fonts.googleapis.comGoogle Fonts — HTTPS
- fonts.gstatic.comGoogle Fonts files — HTTPS
- fonts.cdnfonts.comAdditional fonts — HTTPS
Lingo Vocabulary App
- learn.lingo.schoolLingo app — HTTPS
Analytics & Monitoring (optional — app works without)
- www.google-analytics.comAnalytics — HTTPS
- www.googletagmanager.comTag Manager — HTTPS
- *.clarity.msMicrosoft Clarity — HTTPS
- static.cloudflareinsights.comCloudflare Insights — HTTPS
- *.ingest.sentry.ioError monitoring — HTTPS
Note: If your firewall uses SSL inspection (HTTPS deep packet inspection),
you may need to add these domains to the SSL inspection bypass list as well.
Reflective NLM uses TLS 1.2+ and certificate pinning may interfere with inspection.