SiteAlertAI SiteAlertAI
⬡ Web Scan 🔒 SSL/TLS 📬 MX Record ✉ Email Header 🎣 URL Check 🌍 IP Geo
⬡ Web Scan 🔒 SSL/TLS 📬 MX Record ✉ Email Header 🎣 URL Check 🌍 IP Geo
← All guides

Subdomain Takeover: The Dangling DNS Risk

A subdomain takeover occurs when one of your subdomains has a DNS record — usually a CNAME — pointing to a third-party service (an S3 bucket, a Pages site, a Heroku app) that no longer exists. An attacker can register that resource and serve their own content from your subdomain.

Why it is dangerous

Content on your real subdomain inherits your brand trust and can host phishing, steal cookies scoped to the parent domain, or pass domain-validation checks. It is a common and high-impact finding.

How to prevent it

When you decommission a service, remove the DNS record that pointed to it in the same change. Periodically audit CNAMEs for targets that no longer resolve or return a "no such resource" page.

🛰 Scan your subdomains →

Related guides

  • What Is HSTS and How Do I Enable It?
  • Content-Security-Policy Explained (and How to Fix a Weak One)
  • Mixed Content: Why Your HTTPS Padlock Breaks
SiteAlertAI · © 2026 All rights reserved · Built for security professionals and developers.
Blog Guides Privacy Terms About Contact Social

⚠ For authorised security testing only. Scanning domains you do not own may violate laws in your jurisdiction. SiteAlertAI accepts no liability for misuse. CVE data is indicative — verify with NVD.