@brendanfalk

@brendanfalk brendanfalk commented Oct 12, 2025

Public Suffix List (PSL) Submission

Checklist of required steps

  • Description of Organization

  • Robust Reason for PSL Inclusion

  • DNS verification via dig

  • Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _psl TXT record in place in the respective zone(s).

Submitter affirms the following:

  • We are listing any third-party limits that we seek to work around in our rationale such as those between IOS 14.5+ and Facebook (see Issue #1245 as a well-documented example)
  • This request was not submitted with the objective of working around other third-party limits.
  • The submitter acknowledges that it is their responsibility to maintain the domains within their section. This includes removing names which are no longer used, retaining the _psl DNS entry, and responding to e-mails to the supplied address. Failure to maintain entries may result in removal of individual entries or the entire section.
  • The Guidelines were carefully read and understood, and this request conforms to them.
  • The submission follows the guidelines on formatting and sorting.
  • A role-based email address has been used and this inbox is actively monitored with a response time of no more than 30 days.

Abuse Contact: security@hercules.app

  • Abuse contact information (email or web form) is available and easily accessible.

    URL where abuse contact or abuse reporting form can be found: https://hercules.app/abuse


For PRIVATE section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.

To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.

PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.

(Link: about propagation/expectations)

  • Yes, I understand. I could break my organization's website cookies and cause other issues, and the rollback timing is acceptable. Proceed anyways.

Description of Organization

Hercules makes it easy to build web apps and websites by chatting with AI. Users are then able to deploy their web apps and websites to a subdomain owned by Hercules, or to a domain owned by the user. The Hercules platform is actively used by developers, solopreneurs, businesses, large enterprises, and non-technical users who want to build a web app without coding.

This request is being submitted by Brendan Falk (https://linkedin.com/in/brendanfalk), founder and CEO of Hercules. The legal name of the company that makes the product, Hercules, is "Zeus AI Labs, Inc."

Organization Website:

https://hercules.app

Reason for PSL Inclusion

Hercules provides managed hosting for user-generated web applications on subdomains of the following domains:

  • onhercules.app for production
  • hercules-app.com for development and production
  • hercules-dev.com for development

We are seeking inclusion in the private section of the PSL as we believe it is necessary to achieve the following:

  1. Cookie Security: Without PSL inclusion, browsers may treat the above domains as a single-origin domain, potentially allowing cookies to be shared between different user subdomains. This presents a security risk.
  2. Browser and Platform Compatibility: Many platforms and services (e.g., Chrome, Firefox, Let’s Encrypt, Cloudflare) use the PSL to define domain boundaries. Listing the above domains in the PSL ensures compatibility with modern security policies.

Hercules commits to

  1. maintaining its _psl DNS TXT records
  2. ensuring ongoing compliance with PSL guidelines

Number of users this request is being made to serve:

We have ~50,000 users. A user is an individual person who has created a Hercules account and created an app. Most users create 1-2 apps. Every app is given a development domain that turns off after 10 min of inactivity. Approx 5-10% of our users publish their apps to the prod domain. We expect this % to increase over time.

DNS Verification

Completed. The following commands should all return the link to this PR

dig TXT _psl.onhercules.app;
dig TXT _psl.hercules-dev.com;
dig TXT _psl.hercules-app.com;
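
The cookie-scoping effect this submission relies on, as an added example (not part of the PR or of the PSL project's code): a simplified PSL lookup showing how the requested private rules change the registrable domain of tenant subdomains and whether a `Domain=onhercules.app` cookie is accepted. The tenant names `alice` and `bob` are hypothetical, the rule sets are constructed, and wildcard and exception rules are omitted.

```python
# Constructed rule sets. "app" and "com" are existing ICANN suffixes; the
# three private rules are the ones this PR asks to add.
ICANN_RULES = {"app", "com"}
WITH_PR_RULES = ICANN_RULES | {"onhercules.app", "hercules-app.com", "hercules-dev.com"}


def public_suffix(host, rules):
    """Longest matching plain rule; wildcard and exception rules are omitted."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest candidate first
        candidate = ".".join(labels[i:])
        if candidate in rules:
            return candidate
    return labels[-1]  # PSL default rule "*"


def registrable_domain(host, rules):
    """Public suffix plus one label, or None if the host is itself a suffix."""
    host = host.lower().rstrip(".")
    suffix = public_suffix(host, rules)
    if host == suffix:
        return None
    owner_label = host[: -len(suffix) - 1].split(".")[-1]
    return f"{owner_label}.{suffix}"


def same_site(a, b, rules):
    """Two hosts are same-site when they share a registrable domain."""
    ra, rb = registrable_domain(a, rules), registrable_domain(b, rules)
    return ra is not None and ra == rb


def domain_cookie_accepted(request_host, domain_attr, rules):
    """RFC 6265 5.3: ignore a cookie whose Domain is a public suffix other than
    the request host itself; otherwise the host must domain-match it."""
    host = request_host.lower()
    domain = domain_attr.lower().lstrip(".")
    if public_suffix(domain, rules) == domain and host != domain:
        return False
    return host == domain or host.endswith("." + domain)


if __name__ == "__main__":
    a, b = "alice.onhercules.app", "bob.onhercules.app"  # hypothetical tenants
    for name, rules in (("before", ICANN_RULES), ("after", WITH_PR_RULES)):
        print(name, same_site(a, b, rules),
              domain_cookie_accepted(a, "onhercules.app", rules))
```

With only the ICANN rules, both tenants fall under one registrable domain and a parent-scoped cookie set by one is accepted and sent to the other; with the requested rules, each tenant subdomain is its own registrable domain and the parent-scoped cookie is rejected.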

@wdhdev
Contributor

wdhdev commented Oct 13, 2025

All 3 domain names do not meet our expiry date requirements (must be >2y expiry). Also, whilst not a factor in approval, how long has your service been around? As the domains you are adding are only ~3 months old, which makes the 50,000 user estimate seem a bit unbelievable. (Or have you just recently migrated to these domains, e.g. from your domain hercules.app, or something similar?)

@brendanfalk
Author

Hi @wdhdev. Thanks so much for the quick review

  1. 2 year expiry requirement: Yes I just finished this. My apologies, my plan was to do one final review of things in the morning before creating the actual PR to make sure I didn't miss anything but you beat me to it.
  2. Service period: Site is only 3 months old. And yes, we genuinely have ~50k "signups" which yes is ≠ to "users" exactly. The AI app builder space is really blowing up right now. A lot of companies like lovable, bolt, replit are seeing similar unprecedented growth in the short term

I've officially created the PR now so please let me know if there is anything more we need to do. Thanks for the help

@brendanfalk brendanfalk marked this pull request as ready for review October 13, 2025 19:32
@brendanfalk
Author

Hi there - just wanted to check in on this? Our app is continuing to grow and we are eager to separate out our subdomains
