[hsx]

This is really neat! There's growing number of self-hosters that I'm sure will find this useful.

May I suggest using a separate domain for tunnels, and adding it to the [public suffix list](https://github.com/publicsuffix/list)?

From what I can tell, takingnames.io subdomains are able to access the takingnames.io auth cookie. Having a separate domain would mitigate this.

[anderspitman]

Not sure, but I think maybe it already works the way you're suggesting? The free subdomains hang off the takingnames.live domain. takingnames.io is only used for the website currently, because I'm concerned about it's reputation. Free subdomains are often used for spam/phishing.

The public suffix list is a great suggestion; thanks!

[hsx]

Oh, I hadn't noticed that difference! In that case it already works the way I suggested.