diff --git a/backend/backend/production_settings.py b/backend/backend/production_settings.py
index 859369e4..65a2e0a8 100644
--- a/backend/backend/production_settings.py
+++ b/backend/backend/production_settings.py
@@ -14,11 +14,10 @@
 DEBUG = False
 
 # Security settings
-ALLOWED_HOSTS = ['*']
+ALLOWED_HOSTS = ['.commanderspellbook.com']
 CSRF_TRUSTED_ORIGINS = [
     'https://commanderspellbook.com',
     'http://localhost',
-    'https://backend.commanderspellbook.com',
 ]
 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')