All posts tagged with subdomain

Security Improvement: Subdomain Reuse Mitigation

news , Product Mgmt at Heroku


Subdomain reuse, also known as subdomain takeover, is a security vulnerability that occurs when an attacker claims and takes control of a target domain. Typically, this happens when an application is deprecated and an attacker directs residual traffic to a host that they control.

As of 14 June 2023, we changed the format of the built-in domain for Heroku apps. This change improves the security of the platform by preventing subdomain reuse. The new format is <app-name>-<random-identifier> Previously, the format was <app-name> The new format for built-in domains is on by default for all users.


Browse the blog archives or subscribe to the full-text feed.