Add grok.me (xAI) to PRIVATE section#2993
Merged
simon-friedberger merged 1 commit intoJul 6, 2026
Merged
Conversation
bbe936f to
a38f82d
Compare
Contributor
Author
|
@dnsguru sorry to ping but just wanted to give a gentle nudge |
Contributor
|
Please explain your estimated user numbers. |
Contributor
Author
|
Hey @simon-friedberger this will be a product feature of grok.com (https://www.similarweb.com/website/grok.com/#overview). We can expect 100s of thousands to millions of users using and creating subdomains at grok.me |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Public Suffix List (PSL) Submission
Checklist of required steps
Description of Organization
Robust Reason for PSL Inclusion
DNS verification via dig
Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the
_pslTXT record in place in the respective zone(s).Submitter affirms the following:
We are listing any third-party limits that we seek to work around in our rationale such as those between iOS 14.5+ and Facebook (see Issue #1245 as a well-documented example)
This request was not submitted with the objective of working around other third-party limits.
The submitter acknowledges that it is their responsibility to maintain the domains within their section. This includes removing names which are no longer used, retaining the _psl DNS entry, and responding to e-mails to the supplied address. Failure to maintain entries may result in removal of individual entries or the entire section.
The Guidelines were carefully read and understood, and this request conforms to them.
The submission follows the Guidelines on formatting and sorting.
A role-based email address has been used and this inbox is actively monitored with a response time of no more than 30 days.
Abuse Contact:
Abuse contact information (email or web form) is available and easily accessible.
URL where abuse contact or abuse reporting form can be found: https://x.ai/.well-known/security.txt
For PRIVATE section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to roll back, if at all.
To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.
PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.
(Link: about propagation/expectations)
Description of Organization
Organization Website: https://x.ai
xAI is an AI company and the makers of the Grok family of models. This submission is for grok.me, the domain behind Grok's app-builder feature: end users build and publish their own web applications, each served from its own subdomain (e.g.
myapp.grok.me). The submitter is an engineer at xAI filing on behalf of the company;security@x.aiis our established role contact for domain, brand-protection, and security matters. Crucially, the*.grok.mesubdomains are operated by independent, mutually-untrusting end users (user-generated content), not by xAI itself.Reason for PSL Inclusion
We request that
grok.mebe added to the PRIVATE section so each*.grok.mesubdomain is treated as its own registrable site. Because the subdomains are controlled by independent, mutually-untrusting users, this is needed for:grok.meapex that would affect other users' subdomains.*.grok.mesite is assessed and blocklisted independently, rather than poisoning the reputation ofgrok.me(and therefore every other user) across browsers, ISPs, and safe-browsing systems.This mirrors existing PRIVATE-section entries for user-content platforms (e.g.
vercel.app,netlify.app,github.io,lovable.app).Third-party transparency: grok.me is served via Cloudflare (DNS/CDN) and Vercel (subdomain hosting). This request is not intended to circumvent any Cloudflare, Vercel, or Let's Encrypt limit. It is solely for the cookie and abuse-isolation security properties described above.
Abuse handling: abuse on a user subdomain can be reported to
abuse@x.ai, published viahttps://x.ai/.well-known/security.txt.Number of THOUSANDS of distinct users this request is being made to serve: Estimated in the hundreds of thousands of distinct end users, each publishing one or more apps on their own
*.grok.mesubdomain (estimate).DNS Verification
The
_psl.grok.meTXT record is set to this PR's URL (output above). The apexgrok.meredirects tohttps://grok.com; all user content lives on the*.grok.mesubdomains.