
Adding Akamai Shared Domains to the Public Suffix List

Written by Erik Nygren

March 21, 2022

Erik Nygren is an Akamai Fellow and Chief Architect in Akamai's Platform Infrastructure Engineering organization and has been with Akamai since June of 1999. Among other responsibilities, Erik is leading the platform architecture for Akamai's IPv6 initiative. He is a long-time member and current chair of Akamai's Architecture Group and has had deep involvement in many engineering and operations areas across Akamai for over 17 years. Erik received his Bachelors and Masters degrees in Computer Science and Engineering at the Massachusetts Institute of Technology (MIT), and he came to Akamai part way through his PhD program at MIT, working in the Parallel and Distributed Operating Systems group. Previously, Erik was a co-founder of Fourth Planet, a data visualization company, and worked in the Intelligent Mechanisms group at NASA Ames Research Center.

 

Private Suffix

Akamai plans to submit a number of our shared domains to the “PRIVATE” section of the Public Suffix List (PSL) at some point on or after March 31, 2022. The PSL contains multi-party domain suffixes and is used by a wide range of client software (for example, web browsers) to implement policy decisions, such as to prevent cookies from being set on public or multi-party domains.

For example, we plan to put the domain “akamaized.net” onto the PSL. Clients with the new version of the PSL will then prevent cookies from being set directly onto the cross-customer “akamaized.net” domain, but the hostname “example.akamaized.net” would still be allowed to set cookies onto “example.akamaized.net”, subject to other client policies such as “third-party cookie” restrictions.
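The cookie behavior described above can be checked with a short script. This is an added example, not Akamai's code or any browser's implementation: it follows the Domain-attribute handling of RFC 6265 section 5.3 with a small rule set taken from the domains listed in this post, and the function names and sample observations are constructed for illustration.

```python
# Added example: rules are a subset of the domains listed in this post,
# plus "net" from the ICANN section. A real client ships the full PSL.
PSL_RULES = {"net", "akamaized.net", "com.akamaized.net", "edgekey.net", "edgesuite.net"}

def is_public_suffix(domain, rules=PSL_RULES):
    """Exact match is enough here: these rules have no wildcards or exceptions."""
    domain = domain.lower().rstrip(".")
    return domain in rules or "." not in domain

def domain_match(host, domain):
    """RFC 6265 section 5.1.3: host equals domain or is a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def cookie_scope(request_host, domain_attr=None, rules=PSL_RULES):
    """Return (accepted, scope) for a Set-Cookie, per RFC 6265 section 5.3."""
    host = request_host.lower().rstrip(".")
    if not domain_attr:
        return True, "host-only:" + host
    domain = domain_attr.lower().rstrip(".")
    if domain.startswith("."):          # one leading dot is ignored
        domain = domain[1:]
    if is_public_suffix(domain, rules):
        if domain == host:              # the suffix itself may keep a host-only cookie
            return True, "host-only:" + host
        return False, "rejected: Domain is a public suffix"
    if not domain_match(host, domain):
        return False, "rejected: Domain does not match request host"
    return True, "domain:" + domain

def audit(observations, rules=PSL_RULES):
    """Return the (host, Domain) pairs that a PSL-aware client would drop."""
    return [(h, d) for h, d in observations if not cookie_scope(h, d, rules)[0]]

# Constructed observations: (host that sent Set-Cookie, its Domain attribute).
SAMPLE = [
    ("example.akamaized.net", "akamaized.net"),
    ("example.akamaized.net", "example.akamaized.net"),
    ("example.akamaized.net", None),
    ("shop.com.akamaized.net", "com.akamaized.net"),
    ("a.b.edgesuite.net", "b.edgesuite.net"),
]

if __name__ == "__main__":
    for host, dom in SAMPLE:
        print(host, dom, cookie_scope(host, dom))
    print("would be dropped:", audit(SAMPLE))
```

Passing `rules={"net"}` models a client whose PSL copy predates the addition, which is how the same Set-Cookie header can be accepted by one browser version and dropped by the next.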

Changes to suffix

We are in the process of analyzing customer configurations to identify cases where this change may have an impact and will be reaching out to the very small number of customers who may be affected. We believe that there will be minimal negative impact from this change, which should improve the security posture of Akamai’s customers. 

Given the many uses of the PSL, it is impossible to anticipate all potential ramifications. However, many other content delivery networks (CDNs) and hosting providers include their shared domains in the PRIVATE section of the PSL and have done so for years.

Changes rolling out over time

Updates to the PSL are often incorporated directly into browser and operating system releases, so the change to incorporate these new Akamai domains will typically take effect as new versions of software incorporate the updated list and as users upgrade to new versions of software. 

This means that the change will roll out over the course of months and years. For example, some major browsers incorporate PSL updates every few months but then depend on users or automated updates to upgrade to new browser versions. Due to a lack of control over the timing of these rollouts by third parties, Akamai also has no ability to halt or roll back additions if they do end up causing an impact.

Akamai’s CDN software has almost always prevented origins from passing Set-Cookie headers on these domains, but some product features and configuration options have allowed setting cookies on specific hostnames. Cookies set directly on these shared domains (rather than specific per-customer hostnames underneath them) present a security and privacy risk to other customers. Not only is setting cookies on shared Akamai domains not supported, but it is also a violation of Akamai’s acceptable use policy (AUP) from a security perspective.

Closing potential security loopholes

Some of the shared Akamai domains being added to the PSL long predate the existence of the PSL and its PRIVATE section. We are adding them now to close potential security and privacy loopholes, and to address issues that could potentially arise from the domains not being present on the PSL. 

We have also seen cases where the entire shared domain is being labeled as a “Tracker” due to individual customer hostnames on the domain, so making this change will hopefully reduce the cross-customer impact due to the behavior of individual customer hostnames.

Domains being added

The set of domains that Akamai plans to add to the Public Suffix List is:

  • akadns.net

    • com.akadns.net

    • net.akadns.net

  • akamai.net

    • akamai-staging.net

  • akamaiedge.net

    • akamaiedge-staging.net

  • akamaihd.net

    • akamaihd-staging.net

  • akamaiorigin.net

    • akamaiorigin-staging.net

  • akamaized.net

    • com.akamaized.net

    • mdc.akamaized.net

    • net.akamaized.net

    • akamaized-staging.net

    • com.akamaized-staging.net

    • mdc.akamaized-staging.net

    • net.akamaized-staging.net

  • edgekey.net

    • com.edgekey.net

    • test.edgekey.net

    • edgekey-staging.net

    • com.edgekey-staging.net

    • test.edgekey-staging.net

  • edgesuite.net

    • com.edgesuite.net

    • mdc.edgesuite.net

    • net.edgesuite.net

    • edgesuite-staging.net

    • com.edgesuite-staging.net

    • mdc.edgesuite-staging.net

    • net.edgesuite-staging.net

Learn more

For more details and updates, see our Knowledge Base article.

While precautions have been taken in the preparation of this document, Akamai Technologies, Inc. assumes no responsibility for errors, omissions, or for damages resulting from the use of the information herein. The information herein is subject to change without notice.


