What is Subdomain Takeover?

Subdomain takeover occurs when a DNS record points to a service (like GitHub Pages, AWS S3, Heroku) that has been deleted or expired, but the CNAME record remains in your DNS zone.

Example Scenario:

1. You create a CNAME record: blog.example.com -> myblog.herokuapp.com.
2. Months later, you delete the Heroku app but forget to remove the DNS record.
3. An attacker registers myblog.herokuapp.com on Heroku (which is now available).
4. The attacker now fully controls the content of blog.example.com, allowing them to steal cookies, phish users, or circumvent CSP policies.

How to Prevent It

Regularly audit your DNS records. Remove any CNAME that points to a service you no longer control.