Back to Glossary

Glossary Term

Subdomain

A subdivision of a main domain used to host specific services, apps, or environments.

1 min read

Share this definition

Post it to your feed or send it to teammates.

A subdivision of a main domain used to organize services, apps, or environments.

1-min read

What It Is

A subdomain is a prefix added to a primary domain name (e.g., login.example.com, shop.example.com). Companies use subdomains for testing, staging, customer portals, marketing pages, and external tools. Over time, teams often forget to remove unused subdomains or the DNS records that point to them—creating hidden security risks.

Why It Matters

Forgotten subdomains are one of the most common sources of exposure:

  • Subdomain takeover when DNS still points to a decommissioned service
  • Exposed test or staging environments that lack proper security controls
  • Brand abuse where attackers impersonate you at an abandoned hostname
  • Search engine penalties when compromised subdomains host spam or malware

How To Reduce Risk

  • Maintain an inventory of every subdomain you own
  • Remove unused DNS entries and enforce TTL hygiene
  • Monitor for automatically created subdomains from SaaS, CDNs, or tooling
  • Run continuous scanning to detect takeover risks or dangling DNS records
  • Decommission test environments properly so endpoints, SSL, and storage are revoked

Related Terms

External Resources

  • https://owasp.org/www-community/Subdomain_takeovers
  • https://developers.cloudflare.com/dns/manage-dns-records