
Heroku Subdomain Takeover

A CNAME pointing to a deleted Heroku app can be claimed by someone else, and your subdomain starts serving their app instead of yours.

How it happens

The fingerprint

Deleted Heroku apps return "No such app". If your CNAME resolves there, you likely have a dangling record.

How to check

Run DomainPreflight Dangling Records and look for CNAMEs ending in herokuapp.com that match takeover fingerprints.

How to fix

Delete the dangling CNAME immediately. If you still need that subdomain, recreate the app first and verify ownership.

Fix it step by step

Step 1: Run DomainPreflight Dangling Records on your domain.
Step 2: Look for any CNAME pointing to *.herokuapp.com.
Step 3: Check if the Heroku app still exists.
Step 4: If deleted, delete the DNS CNAME immediately.
Step 5: If you need the subdomain, recreate the Heroku app first, then keep the CNAME.
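
Steps 2 to 4 can also be scripted against an export of your own zone. The sketch below is an added example, not DomainPreflight's code: it flags CNAMEs under herokuapp.com whose subdomain serves the "No such app" fingerprint. The function names, example.com hostnames and placeholder app names are constructed for illustration.

```python
import urllib.error
import urllib.request
FINGERPRINT = "No such app"         # fingerprint string from this page
PROVIDER_SUFFIX = ".herokuapp.com"  # CNAME suffix from this page

def is_heroku_target(target):
    """True only for names under herokuapp.com (case and trailing dot ignored)."""
    return target.rstrip(".").lower().endswith(PROVIDER_SUFFIX)

def fetch_body(hostname, timeout=5):
    """Return what the subdomain serves over HTTP; error pages count too."""
    try:
        with urllib.request.urlopen(f"http://{hostname}/", timeout=timeout) as resp:
            return resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # a 404 body can carry the fingerprint
        return err.read(65536).decode("utf-8", "replace")
    except OSError:                        # DNS failure, refusal, timeout
        return ""

def audit(records, fetch=fetch_body):
    """records: (subdomain, cname_target) pairs -> (subdomain, target, status)."""
    findings = []
    for name, target in records:
        if not is_heroku_target(target):
            status = "not-heroku"
        elif FINGERPRINT.lower() in fetch(name).lower():
            status = "dangling"            # Step 4: delete this CNAME
        else:
            status = "no-fingerprint"      # Step 3 still applies
        findings.append((name, target, status))
    return findings

# Constructed sample data so the example runs offline.
SAMPLE_RECORDS = [
    ("app.example.com", "placeholder-deleted-app.herokuapp.com."),
    ("shop.example.com", "placeholder-live-app.HerokuApp.com"),
    ("www.example.com", "cdn.example.net"),
    ("odd.example.com", "herokuapp.com.example.net"),  # look-alike, not Heroku
]
SAMPLE_BODIES = {
    "app.example.com": "<html><body>No such app</body></html>",
    "shop.example.com": "<html><body>Welcome</body></html>",
}
def sample_fetch(hostname):
    return SAMPLE_BODIES.get(hostname, "")

if __name__ == "__main__":
    for finding in audit(SAMPLE_RECORDS, sample_fetch):
        print(*finding, sep="\t")
```

A "no-fingerprint" result only means the string was absent from the response; confirm in your own Heroku account that the app still exists before keeping the CNAME.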


FAQ

What is a Heroku subdomain takeover?

When a CNAME points to a deleted Heroku app, an attacker can create the same app name and serve content on your subdomain.

How do I know if my subdomain is vulnerable?

Run DomainPreflight Dangling Records. It checks your CNAMEs against known takeover fingerprints including Heroku.

What does the Heroku takeover page look like?

Heroku commonly returns "No such app" for deleted apps. If your subdomain shows that, the CNAME is dangling.

How do I fix a Heroku dangling CNAME?

Delete the DNS CNAME record. If you need the subdomain, recreate the Heroku app first.

Can I prevent this from happening again?

Always delete DNS records when decommissioning services. Run Dangling Records scans quarterly.