Comcast Business (Xfinity) SecurityEdge Blocking Website Domain
Sep 18, 2025Web and InternetComments (0)
Comcast has a security layer built into their Internet service called SecurityEdge. This monitors all requests coming from your network and blocks them if they're going to a website/domain that is on a Comcast block or filter list. This security layer is a part of your Comcast account and isn't on your physical modem.
Block Page
If you visit a website that is on a block list, you may instead see a page that says something like this:
If you believe a site has been blocked in error, you can submit a request to Comcast Support to try and get them to remove it (good luck), and you can also add it to your account's allow list (whitelist) so that at least your network can access it.
To add the site to your allow list, log in to your Comcast account, find the link to SecurityEdge (it may be in the footer), go into settings, and check for the block list page. Type in the domain and then hit "allow". Here is a breadcrumb to get there, which may change over time:
While logged in, you can also change the message it shows on the page, since the default message isn't very good and doesn't even indicate what entity is blocking the request.
DNS Over HTTPS
The reason Comcast is able to block these requests is because the initial request your browser makes, to lookup the IP address for the website using a DNS server, may not be encrypted. So while the rest of your visit to that website may be encrypted over HTTPS, the initial lookup may not be, and that is what Comcast is able to see and block. When it does this, Comcast effectively reroutes your website request to the block page, and it can do this even if you've specified your own DNS servers in your network settings.
To get around this, or if you just prefer that your ISP knows less about the websites you visit, you can enable DNS over HTTPS in your web browser. This will encrypt that initial DNS lookup request with a provider first, such as Cloudflare.
In your Firefox web browser, go into settings, then Privacy & Security, then scroll down to "DNS over HTTPS". Set it to "Increased Protection" or "Max Protection". For other browsers and iOS, there will likely be methods to do it, but you'll have to search online. If you're using Chrome or Edge on desktop or Android, I highly suggest switching to Firefox.
Block Page
If you visit a website that is on a block list, you may instead see a page that says something like this:
Malware and Phishing
This site is blocked because it is a known security threat. Please contact your network administrator to gain access.
This site is blocked because it is a known security threat. Please contact your network administrator to gain access.
If you believe a site has been blocked in error, you can submit a request to Comcast Support to try and get them to remove it (good luck), and you can also add it to your account's allow list (whitelist) so that at least your network can access it.
To add the site to your allow list, log in to your Comcast account, find the link to SecurityEdge (it may be in the footer), go into settings, and check for the block list page. Type in the domain and then hit "allow". Here is a breadcrumb to get there, which may change over time:
Comcast > SecurityEdge > Settings > Block & Allow Lists > URL Check > AllowWhile logged in, you can also change the message it shows on the page, since the default message isn't very good and doesn't even indicate what entity is blocking the request.
DNS Over HTTPS
The reason Comcast is able to block these requests is because the initial request your browser makes, to lookup the IP address for the website using a DNS server, may not be encrypted. So while the rest of your visit to that website may be encrypted over HTTPS, the initial lookup may not be, and that is what Comcast is able to see and block. When it does this, Comcast effectively reroutes your website request to the block page, and it can do this even if you've specified your own DNS servers in your network settings.
To get around this, or if you just prefer that your ISP knows less about the websites you visit, you can enable DNS over HTTPS in your web browser. This will encrypt that initial DNS lookup request with a provider first, such as Cloudflare.
In your Firefox web browser, go into settings, then Privacy & Security, then scroll down to "DNS over HTTPS". Set it to "Increased Protection" or "Max Protection". For other browsers and iOS, there will likely be methods to do it, but you'll have to search online. If you're using Chrome or Edge on desktop or Android, I highly suggest switching to Firefox.