static.example.com won’t cut it, because many cookies will be issued with “domain=.example.com”. Unless you’re 100% sure you’ll only issue cookies with “domain=www.example.com”, you’ll need to use a completely different TLD. Yahoo!, for example, uses yahoo.com for dynamic HTML content and yimg.com for images and other static content.