diff --git a/config/environments/production.rb b/config/environments/production.rb
index a75ece3a..1f447a64 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -85,7 +85,7 @@
 
   # Enable DNS rebinding protection and other `Host` header attacks.
   config.hosts = [
-    /contacts-admin\..*gov.uk?/,
+    /contacts-admin\..*\.gov.uk$/,
   ]
 
   # Skip DNS rebinding protection for the default health check endpoint.