> We can hijack the *. netflify.app subdomain bound to CNAME and launch a host head injection attack to address this issue > > <img width="1252" height="718" alt="Image" src="https://github.com/user-attachments/assets/90080c56-e624-417f-8b39-59940d0d8dd9" /> > _Originally posted by @xie-22 in [#40](https://github.com/EdOverflow/can-i-take-over-xyz/issues/40#issuecomment-3152565882)_
