We have a website which cart accepts URL with paremeters from newsletters or online offers. The URL is like the following:


Let’s narrow it down to something like.


We have detected that when the HTTP requests come from some network block with ISP ID: MICROSOFT-CORP-MSN-AS-BLOCK, which seems to be comming from MS Azure, the coupon parameter is changed to:


The coupon code is of the same length as the original, but it obviously makes our cart page return an “Invalid coupon” message resulting in the client leaving the page.

Could anybody shed some light on this awkward behavior?, to say the least.

It turned out to be Safe-Links feature in MS products

In our case this “feature” is selectively rewriting only some parts in our -add to cart- URLs, in a way that messes them up completely.

I won’t judge on the kind of “features” that MS adds to their products, each one should draw his own conclusions.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.