Skip to content

Add lunarabbit.app (LunaRabbit Inc.)#2981

Open
lunarabbit-ai-code wants to merge 2 commits into
publicsuffix:mainfrom
lunarabbit-ai-code:add-lunarabbit-app
Open

Add lunarabbit.app (LunaRabbit Inc.)#2981
lunarabbit-ai-code wants to merge 2 commits into
publicsuffix:mainfrom
lunarabbit-ai-code:add-lunarabbit-app

Conversation

@lunarabbit-ai-code

@lunarabbit-ai-code lunarabbit-ai-code commented Jun 22, 2026

Copy link
Copy Markdown

Public Suffix List (PSL) Submission

Checklist of required steps

  • Description of Organization
  • Robust Reason for PSL Inclusion
  • DNS verification via dig
  • Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _psl TXT record in place in the respective zone(s).

Submitter affirms the following:

  • We are listing any third-party limits that we seek to work around in our rationale such as those between iOS 14.5+ and Facebook (see Issue #1245 as a well-documented example) — N/A: we are not seeking to work around any third-party limit.
  • This request was not submitted with the objective of working around other third-party limits.
  • The submitter acknowledges that it is their responsibility to maintain the domains within their section. This includes removing names which are no longer used, retaining the _psl DNS entry, and responding to e-mails to the supplied address. Failure to maintain entries may result in removal of individual entries or the entire section.
  • The Guidelines were carefully read and understood, and this request conforms to them.
  • The submission follows the Guidelines on formatting and sorting.
  • A role-based email address has been used and this inbox is actively monitored with a response time of no more than 30 days.

Abuse Contact:

  • Abuse contact information (email or web form) is available and easily accessible.

    URL where abuse contact or abuse reporting form can be found: contact@lunarabbit.ai


  • Yes, I understand. I could break my organization's website cookies and cause other issues, and the rollback timing is acceptable. Proceed anyways.

Note: lunarabbit.app is a separate registrable domain from our primary organization domain (lunarabbit.ai). All login/session cookies live only on lunarabbit.ai, so lunarabbit.app carries no first-party auth state and there is no risk to our organization's website cookies.


Description of Organization

LunaRabbit Inc. is a US (Delaware) C-Corporation that builds an AI platform at https://lunarabbit.ai. I am the founder and an engineer at LunaRabbit, responsible for our platform infrastructure and this submission. LunaRabbit lets users build and deploy web applications through an in-app builder; each resulting application is served on its own isolated subdomain under lunarabbit.app (e.g. myapp.lunarabbit.app). These subdomains host user-controlled content that is independent and mutually untrusting.

Organization Website: https://lunarabbit.ai

Reason for PSL Inclusion

We are requesting lunarabbit.app be added to the PRIVATE section of the PSL for cookie and origin isolation between user-deployed applications.

Each user-deployed app is served on its own subdomain (e.g. myapp.lunarabbit.app, otherapp.lunarabbit.app). Without PSL inclusion, a cookie set on .lunarabbit.app by one user's application would be readable by all other user applications under lunarabbit.app. Because these subdomains host content controlled by different, mutually-untrusting parties, this enables supercookies and cookie-tossing across tenants.

Adding lunarabbit.app to the PSL ensures browsers treat each subdomain as a separate registrable domain, preventing cross-subdomain cookie attacks and enforcing proper origin isolation. This is the same use case as other platform providers already listed in the PSL, such as Vercel (vercel.app), Cloudflare Pages (pages.dev), and Perplexity (pplx.app, see #2821).

The domain lunarabbit.app is registered through 2029-06-19, and we commit to maintaining the registration in good standing with more than one year remaining at all times.

Number of users this request is being made to serve: Thousands.

DNS Verification

dig +short TXT _psl.lunarabbit.app
"https://github.com/publicsuffix/list/pull/2981"

The _psl TXT record is in place and will be maintained permanently.

@simon-friedberger

Copy link
Copy Markdown
Contributor

You must use the PR template.

@lunarabbit-ai-code

Copy link
Copy Markdown
Author

Thanks for the review. I've updated the PR description to follow the full PR template, including the required checklist, Description of Organization, Reason for PSL Inclusion, a role-based & actively-monitored abuse contact (contact@lunarabbit.ai), and the _psl DNS verification. The comment header in public_suffix_list.dat now also uses the role-based address. Please let me know if anything else is needed.

@simon-friedberger

Copy link
Copy Markdown
Contributor

We need actual user numbers not just an order of magnitude.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants