diff --git a/mint.json b/mint.json
index 0475e75..d53c7c9 100644
--- a/mint.json
+++ b/mint.json
@@ -131,6 +131,12 @@
         "privacy/privacy"
       ]
     },    
+    {
+      "group": "Security",
+      "pages": [
+        "security/security"
+      ]
+    },    
     {
       "group": "Troubleshooting",
       "pages": [
diff --git a/security/security.mdx b/security/security.mdx
new file mode 100644
index 0000000..fa17f60
--- /dev/null
+++ b/security/security.mdx
@@ -0,0 +1,20 @@
+---
+title: Security FAQ
+---
+
+### What domains should I whitelist when using Cursor behind a corporate VPN/proxy?
+
+If you're behind a corporate proxy, whitelist these domains to ensure that Cursor works correctly:
+
+- Most API requests: **https://api2.cursor.sh**
+- Cursor Tab requests (HTTP/2 only): **https://api3.cursor.sh**
+- Codebase indexing (HTTP/2 only): **https://repo42.cursor.sh**
+- Cursor Tab requests depending on your location (HTTP/2 only):
+  - **https://api4.cursor.sh**
+  - **https://us-asia.gcpp.cursor.sh**
+  - **https://us-eu.gcpp.cursor.sh**
+  - **https://us-only.gcpp.cursor.sh**
+- Downloading extensions from the extension marketplace:
+  - **https://marketplace.cursorapi.com**
+  - **https://cursor-cdn.com**
+- Checking for and downloading updates: **https://download.todesktop.com**