Catalog of Internet domain names

The Public Suffix List (PSL) is a community-maintained list of rules that describe the internet domain name suffixes under which independent organisations can register their own sites. Entries on the list are referred to as effective top-level domains (eTLDs), and contain commonly used suffixes like com, net and co.uk, as well as private suffixes like appspot.com and github.io.

The Mozilla Foundation created the PSL for the security and privacy policies of the Firefox web browser, but it is widely used in many different internet technologies with varying success, under the Mozilla Public License (MPL). The list has been shown to have numerous issues to do with privacy and security, mostly caused by applications using outdated versions.

List

A copy of the list is stored by all modern browsers, including Firefox, Chrome and Opera. They use it for features such as allowing cookie registration, detecting domain names in the address bar and site grouping. It is also used in many other tools such as CURL. Services like Let's Encrypt and Cloudflare are known to use it for per-site rate limiting.

According to Mozilla,

    A "public suffix" is one under which Internet users can directly register names. Some examples of public suffixes are ".com", ".co.uk" and "pvt.k12.ma.us".

While com, uk, and us are top-level domains (TLDs), Internet users cannot always register the next level of domain, such as "co.uk" or "wy.us", because these may be controlled by domain registrars. By contrast, users can register second level domains within com, such as example.com, because registrars control only the top level. The Public Suffix List is intended to enumerate all domain suffixes controlled by registrars, as well as those controlled privately such as github.io.

An internet site consists of the online resources which can be controlled by the registrant of a domain name. That includes resources available via the domain and all its sub-domains. Two domains are related if they are in the same site, i.e. they share a suffix that is not included in the Public Suffix List.

Security issues like a same-site attack can arise if the Public Suffix List is incorrect, or if browsers or sites are not properly configured.

Some uses for the list are:

- Avoiding "supercookies", HTTP cookies set by related-domain attackers for high-level domain name suffixes. In other words, a page at foo.example.co.uk might normally have access to cookies at bar.example.co.uk, but example.co.uk should be walled off from cookies at example2.co.uk, to prevent a same-site attack, since the latter two domains could be registered by different owners.
- Finding DMARC policy records for email subdomains.
- Highlighting the most important part of a domain name in the user interface.
- Improving the sorting of browser history entries by site.

Issues

The PSL has been seen as a tool for a variety of goals related to security, privacy, usability and resource management which can be in tension with each other, leading to maintenance difficulties and operational challenges. Ideas for effective approaches such as dbound, HTTP State Tokens and First Party Sets have been explored without consensus yet on good alternatives.

In 2021, privacy enhancements in iOS 14.5 related to Apple's Identifier for Advertisers and unclear guidance from Facebook led to a flood of inappropriate requests for domains to be added to the Public Suffix List.

References

- "Public Suffix List - MozillaWiki". wiki.mozilla.org. Retrieved 18 May 2017.
- Sleevi, Ryan (2024-01-22), sleevi/psl-problems, retrieved 2024-03-12.
- "364745 - Treat PSL matching consistently across all platforms". bugs.chromium.org. Retrieved 18 May 2017.
- "Cookies and the Public Suffix List". Heroku. 11 October 2013. Retrieved 19 January 2014.
- "PSL in Curl". Daniel Stenberg. 10 January 2024. Retrieved 31 January 2024.
- "Learn more about the Public Suffix List". publicsuffix.org. Retrieved 2024-03-12.
- "Public Suffix List". publicsuffix.org. Retrieved 18 May 2017.
- Murray Kucherawy (13 April 2015). "Additional Background Information for dbound". IETF working group. Quote: The PSL is maintained by a web browser producer and is kept current by volunteers on a best-effort basis. It contains a list of points in the hierarchical namespace at which registrations take place, and is used to identify the boundary between so-called "public" names (below which registrations can occur, such as ".com" or ".org.uk") and the private names (organizational names) that domain registrars create within them.
- Dobberstein, Laura. "Subdomain security is substandard, say security researchers". www.theregister.com. Retrieved 2021-07-04.
- "Can I take Your Subdomain? Exploring Same-Site Attacks in the Modern Web". Can I Take Your Subdomain?. Retrieved 2021-07-04.
- "Learn more about the Public Suffix List". publicsuffix.org. Retrieved 2024-03-12.
- Kumari, Warren; Akkerhuis, Jaap; Fältström, Patrik (2015), "SAC070 - ICANN SSAC Advisory on the Use of Static TLD / Suffix Lists" (PDF), ICANN Security and Stability Advisory Committee (SSAC) Reports and Advisories, p. 32, retrieved 2021-07-05.
- "SSAC Advisory on the Use of Static TLD / Suffix Lists | ICANN Features". features.icann.org. Retrieved 2021-07-05.
- Sleevi, Ryan (2021-06-17), sleevi/psl-problems, retrieved 2021-07-04.
- Huston, Geoff (2020-09-10). "DNS Query Privacy Revisited | blabs.apnic.net". Retrieved 2021-07-05.
- "Mozilla flooded with requests after Apple privacy changes hit Facebook". BleepingComputer. Retrieved 2021-07-04.
- "New interaction between IOS 14.5 PCM and Facebook Pixel causing increase in PSL inclusion requests · Issue #1245 · publicsuffix/list". GitHub. Retrieved 2021-07-04.

External links

- Official website
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.