Public Suffix List (PSL) Submission

Checklist of required steps

• Description of Organization

• Robust Reason for PSL Inclusion

• DNS verification via dig

• Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _psl TXT record in place in the respective zone(s).

Submitter affirms the following:

• We are listing any third-party limits that we seek to work around in our rationale such as those between IOS 14.5+ and Facebook (see Issue #1245 as a well-documented example)

• Cloudflare
• Let's Encrypt
• MAKE SURE UPDATE THE FOLLOWING LIST WITH YOUR LIMITATIONS! REMOVE ENTRIES WHICH DO NOT APPLY AS WELL AS REMOVING THIS LINE!

• This request was not submitted with the objective of working around other third-party limits.

• The submitter acknowledges that it is their responsibility to maintain the domains within their section. This includes removing names which are no longer used, retaining the _psl DNS entry, and responding to e-mails to the supplied address. Failure to maintain entries may result in removal of individual entries or the entire section.

• The Guidelines were carefully read and understood, and this request conforms to them.
• The submission follows the guidelines on formatting and sorting.

• A role-based email address has been used and this inbox is actively monitored with a response time of no more than 30 days.

Abuse Contact:

• Abuse contact information (email or web form) is available and easily accessible.

  Abuse reporting email: security@bilt.com

For PRIVATE section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.

To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.

PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.

(Link: about propagation/expectations)

• Yes, I understand. I could break my organization's website cookies and cause other issues, and the rollback timing is acceptable. Proceed anyways.

Description of Organization

Bilt is a rewards and payments platform that allows users to earn points on rent payments and everyday spending. The company partners with various real estate, travel, and lifestyle brands to offer a unified loyalty ecosystem.

Organization Website:

https://www.bilt.com
https://www.biltrewards.com

Reason for PSL Inclusion

Bilt plans to host merchant landing pages under restaurants.bilt.com (e.g., restaurants.bilt.com/merchant-name). Including restaurants.bilt.com in the Public Suffix List ensures that browsers correctly treat this domain as separate from the main bilt.com domain for cookie and security isolation purposes.

This helps prevent cookies or security policies from overlapping with the main site, and reduces the risk of browser-level issues such as Safe Browsing warnings or other origin-based heuristics that could affect user experience.

This submission is not intended to bypass any third-party rate limits or restrictions, but purely to maintain proper isolation for merchant-generated landing pages.

Number of users this request is being made to serve:

Thousands of partner restaurants expected over time as the program expands.

DNS Verification

dig +short TXT _psl.restaurants.bilt.com
"https://github.com/publicsuffix/list/pull/2639"