Why do certain companies mix subdomains and domains? I mean, when you run your own CDN...

  1. google.com
  2. maps.google.com
  3. groups.google.com
  4. ...
  5. googleapis.com
  6. gmodules.com
  7. googlesyndication.com
  8. gstatic.com
I would like to simply trust .*\.google\.com$

Update 2009-09-02
It seems that it may be due to cookie traffic. Cookies do not need to be sent on GETs of static content, so the cost savings justify the domain. However, that justifies having one cookie-free domain, not a slew....

Over the course of years, somebody makes a decision to put something another place and once it's done it's too expensive to undo. That's assuming it was a bad idea in the first place though -- I agree it's easier to find things if they have a logical domain name. Couldn't there be a technical benefit to having some of the domains on a different top level address? The last four you mention are not domains they use for content, but rather serve some other function. -- Cal

They force everyone who cares to verify their new domain, when they could have just created a subdomain which we wouldn't have to verify was actually theirs. AFAIK, I have to allow all those domains (except for googlesyndication.com) in order to get google maps and calendaring to work. So, I would count them as providing a required service (maybe content, maybe not) that I have to trust. -- Patrick

AFAIK, a major reason for this sort of domain proliferation is the prevention of XSS attacks. I couldn't say in every particular case this is true, but at least two of the domains you posted seem like obvious candidates. Theo