Skip to main content
When Claude Desktop on third-party (3P) is configured with Google Cloud’s Agent Platform, Amazon Bedrock, or Microsoft Foundry, the app sends conversation content only to your configured inference endpoint. For Microsoft Foundry, how data is handled beyond that endpoint depends on the deployment’s hosting option; see Claude in Microsoft Foundry. The app does, by default, send a small amount of operational telemetry (crash reports and product analytics) that helps Anthropic diagnose issues and improve the product. Each category can be disabled independently via managed configuration. This page covers what each category contains, how to turn it off, and the complete set of outbound hostnames the app uses so you can configure your perimeter firewall.

Telemetry categories

Essential telemetry

Crash reports, error stack traces, and performance timings. Contains diagnostic metadata (app version, OS, error type, redacted stack frames) but never prompt or response content. Attributed to your organization via deploymentOrganizationUuid so Anthropic support can find issues you report.
SettingDefaultEffect when true
disableEssentialTelemetryfalseNo crash or error data leaves the device.
Disabling essential telemetry opts you into a manual support model. Anthropic will have zero remote visibility into failures on your fleet, so to get help with an issue your team will need to collect application logs from affected machines and send them to Anthropic directly. Leave this enabled during initial rollout.

Non-essential telemetry

Product-usage analytics: feature adoption, session counts, UI interactions. Used to understand how Claude Desktop is used in aggregate. Contains no prompt or response content. Also gates the Send button in Help → Generate Diagnostic Report; with this disabled, diagnostic bundles can only be saved locally.
SettingDefaultEffect when true
disableNonessentialTelemetryfalseNo product analytics leave the device.
Leaving this enabled also adds api.anthropic.com to the agent egress allowlist automatically, so Claude Code can deliver its usage telemetry from inside the sandbox. Allow that host at the perimeter too; it appears in the non-essential telemetry table below.

Non-essential services

Cosmetic third-party fetches: favicons for connectors shown in the UI, the MCP connector directory lookup, and the sandboxed iframe that renders interactive artifact previews. Disabling these degrades the UI slightly (generic icons, no directory suggestions, static artifact previews) but doesn’t affect functionality.
SettingDefaultEffect when true
disableNonessentialServicesfalseFavicon and artifact-preview fetches are blocked.

Auto-updates

Checks Anthropic’s update feed and downloads new builds.
SettingDefaultEffect when true
disableAutoUpdatesfalseThe app never checks for or downloads updates. Your IT team must redistribute new builds.

Sending telemetry to your own collector

Independently of what’s sent to Anthropic, you can export session activity to your own OpenTelemetry collector by setting otlpEndpoint. This is the recommended way to retain an audit trail in environments that disable Anthropic-bound telemetry. By default the export includes session metadata (event names, durations, token counts, result counts, errors) but not message content. See Monitoring for the event schema and the otlp* keys in the configuration reference. The export carries logs and metrics. Cowork sessions, Code tab sessions, and the desktop application’s own events arrive under the service.name values cowork, claude-code-desktop, and claude-desktop respectively. The app adds the collector host to the sandbox egress allowlist automatically, so otlpEndpoint does not need an entry in coworkEgressAllowedHosts; your perimeter firewall still needs to allow the host. For collector authentication headers, extra resource attributes, and the log level of the desktop application’s own event stream, see otlpHeaders, otlpResourceAttributes, and otlpDesktopLogLevel in the configuration reference.

Exporter protocol

The otlpProtocol key selects the transport for the telemetry export to your collector: http/protobuf (the default), http/json, or grpc. The protocol applies per session type:
  • Code tab sessions export over the protocol as configured, including grpc.
  • Cowork sessions do not support gRPC export. When otlpProtocol is set to grpc, Cowork sessions export over http/protobuf instead; other protocol values apply as configured.
The fallback changes the protocol only, not the endpoint. When otlpProtocol is grpc, Cowork’s export goes to the same otlpEndpoint over HTTP; if that address is your collector’s OTLP/gRPC receiver (conventionally port 4317), Cowork telemetry never reaches the collector. To receive telemetry from both session types with one collector, set otlpProtocol to http/protobuf and point otlpEndpoint at the collector’s OTLP/HTTP receiver (conventionally port 4318).

Content capture

To include content in the export, set otlpContentCapture to an array of categories:
CategoryCaptures
userPromptsUser message text
assistantResponsesModel response text
toolDetailsTool input arguments (for example, the web-search query string)
toolContentTool output content
rawApiBodiesFull inference request and response bodies
On Claude Desktop version 1.17377 or later, enabling userPrompts also captures model responses, even if assistantResponses is not listed. On those versions, no otlpContentCapture configuration captures user prompts without model responses. Content is exported only to your configured otlpEndpoint. Anthropic does not receive it.

Required egress paths

Claude Desktop on 3P has two independent network boundaries:
  1. Perimeter firewall: your corporate network controls what the device can reach. The hostnames below are what you allowlist here.
  2. Agent egress allowlist: the coworkEgressAllowedHosts key controls what the agent’s web-fetch and shell tools can reach. This is independent of, and stricter than, the perimeter.
The Egress Requirements section of the in-app configuration window is the authoritative source for your deployment. It computes the exact allowlist from your current settings, updates as you change them, and can export the list as a text file for your firewall team. Use the tables below as a static reference; defer to the configuration window for the precise set your build requires.
All traffic is HTTPS on port 443. Allowlist by hostname (SNI); path-level rules aren’t required.

Always required

HostPurpose
downloads.claude.aiVM workspace bundle and Claude CLI binary, fetched at session start. Without this, Cowork sessions cannot start, unless the app was installed with the offline installer variant, which includes both components in the installer package.

Inference provider

The host(s) for your configured provider. These carry conversation content.
HostPurpose
<region>-aiplatform.googleapis.comModel inference (or aiplatform.googleapis.com for the global region). Replaced by the host of inferenceVertexBaseUrl if set.
oauth2.googleapis.comGoogle auth token exchange
sts.googleapis.comGoogle auth token exchange
accounts.google.comGoogle auth token exchange
iamcredentials.googleapis.comGoogle auth token exchange

Auto-updates (disableAutoUpdates: false)

HostPurpose
claude.aiUpdate feed
api.anthropic.comUpdate feed
downloads.claude.aiUpdate binaries (already required above)

Essential telemetry (disableEssentialTelemetry: false)

HostPurpose
sentry.ioCrash and error reporting (apex; some firewalls don’t match it under *.sentry.io)
*.sentry.ioCrash and error reporting
*.ingest.us.sentry.ioCrash and error reporting (listed separately for firewalls that match wildcards one label deep)
browser-intake-us5-datadoghq.comPerformance timing. The configuration window lists additional regional Datadog intake hosts.

Non-essential telemetry (disableNonessentialTelemetry: false)

HostPurpose
a-cdn.anthropic.comAnalytics SDK
api.anthropic.comClaude Code usage telemetry, sent from inside the agent sandbox
a-api.anthropic.comAnalytics events
claude.aiAnalytics events

Non-essential services (disableNonessentialServices: false)

HostPurpose
api.anthropic.comMCP connector directory
www.claudeusercontent.comArtifact preview iframe
*.claudemcpcontent.comMCP Apps, the interactive widgets connectors can render. Each widget loads in a sandboxed iframe on its own generated subdomain, so allowlist the wildcard.
assets.claude.aiFonts loaded by MCP App widget iframes
cdnjs.cloudflare.com, cdn.jsdelivr.net, fonts.googleapis.comArtifact preview asset CDNs
www.google.com, *.gstatic.comConnector favicons

Optional features

HostRequired when
Host of otlpEndpointOpenTelemetry export is configured
github.com, objects.githubusercontent.com, pypi.org, files.pythonhosted.orgPython-based desktop extensions are enabled
Hosts of each entry in managedMcpServers (server URL, plus oauth.authorizationServer and login.microsoftonline.com if configured)Managed MCP servers are configured
Hosts in coworkEgressAllowedHostsSandbox web access is configured

Disabling all Anthropic-bound connections

With disableEssentialTelemetry, disableNonessentialTelemetry, disableNonessentialServices, and disableAutoUpdates all set to true, the desktop application makes no outbound connections to Anthropic-operated hosts at runtime. The only required egress is downloads.claude.ai (for the VM bundle at session start) and your inference provider. With the offline installer variant, downloads.claude.ai is not needed either, and your inference provider is the only required egress. This describes the application’s own connections; what happens to conversation content after it reaches your inference provider is governed by that provider; see the Overview. See the Locked down profile for a complete configuration.

Proxy support

The Cowork sandbox honors the host operating system’s proxy configuration, including PAC (proxy auto-configuration) files. If the device routes HTTPS through a corporate proxy, the sandbox will too, with no additional configuration required.

TLS-intercepting proxies on macOS

If your proxy performs TLS interception, it presents its own certificate authority. Claude configures its CLI processes to trust the macOS System keychain in addition to the bundled CA roots, so a corporate CA installed there normally works without extra setup. If inference or tool requests still fail certificate verification, the CA was likely added with policy-restricted trust: certificates installed via security add-trusted-cert -p ssl … are trusted by Safari and Chrome but are not picked up by the CLI runtime’s keychain reader. Re-add the CA with full root trust (omit -p):
sudo security add-trusted-cert -d -r trustRoot \
  -k /Library/Keychains/System.keychain /path/to/corp-ca.pem
If the certificate is MDM-managed and you cannot change how it is installed, set NODE_EXTRA_CA_CERTS as a fallback, then quit and relaunch Claude:
security find-certificate -a -p /Library/Keychains/System.keychain > ~/corp-ca.pem
launchctl setenv NODE_EXTRA_CA_CERTS "$HOME/corp-ca.pem"
launchctl setenv makes the variable visible to apps launched from Finder or the Dock (shell-profile exports only reach terminal sessions). It applies until the next reboot; to make it permanent, run the command from a LaunchAgent at login.