diff --git a/AutheliaMultiDomainProxy.csproj b/AutheliaMultiDomainProxy.csproj
index 2917b6f..e437d5f 100644
--- a/AutheliaMultiDomainProxy.csproj
+++ b/AutheliaMultiDomainProxy.csproj
@@ -6,4 +6,8 @@ enable + + + +
diff --git a/Backend/AuthHelpers.cs b/Backend/AuthHelpers.cs
index 14c0f90..942799f 100644
--- a/Backend/AuthHelpers.cs
+++ b/Backend/AuthHelpers.cs
@@ -1,8 +1,11 @@
 using System.Web;
+using Nager.PublicSuffix;
 namespace AutheliaMultiDomainProxy.Backend;
 public class AuthHelpers {
+ static DomainParser domainParser = new DomainParser(new WebTldRuleProvider());
+
 public static (bool isAuthenticated, string? user) IsAuthenticated(IRequestCookieCollection cookies) {
 if (!cookies.ContainsKey(Vars.CookieName)) return (false, null);
@@ -40,4 +43,8 @@ public class AuthHelpers {
 var response = client.GetAsync($"http://127.0.0.1:9091/api/verify");
 return response.Result;
 }
+
+ public static string GetRootDomain(string url) {
+ return domainParser.Parse(new Uri(url).Host).RegistrableDomain;
+ }
 }
diff --git a/Controllers/CookieProxyController.cs b/Controllers/CookieProxyController.cs
index 588b1de..df211c5 100644
--- a/Controllers/CookieProxyController.cs
+++ b/Controllers/CookieProxyController.cs
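Review bot: The new field `static DomainParser domainParser = new DomainParser(new WebTldRuleProvider());` in `AuthHelpers` is implicitly private but carries no explicit access modifier and is not `readonly`, so nothing prevents a later reassignment of the parser used for the domain allow-list decision; the project's convention elsewhere is explicit modifiers, so I would write `private static readonly DomainParser domainParser = new(new WebTldRuleProvider());`. As far as I know `WebTldRuleProvider` obtains the public suffix list remotely when first used (confirm against the pinned Nager.PublicSuffix version); if so, this static initializer puts a network fetch into the authentication path, and a failed fetch surfaces as a `TypeInitializationException` on every later access to `AuthHelpers`, including `IsAuthenticated`, until the process restarts. A comment at the field would help operators reason about that, e.g. `// Public suffix rules used to derive the registrable domain of redirect targets; WebTldRuleProvider loads them remotely — see its caching options`.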
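Review bot: `GetRootDomain` throws instead of signalling failure for any malformed input: `new Uri(url)` raises `ArgumentNullException` on null and `UriFormatException` on a relative or garbage string, and for schemes that carry no authority `Host` is empty, so the parser receives an empty string. Its callers in `CookieProxyController` and `RedirectController` pass the raw `tgt` query value straight in, so a broken or hostile `tgt` produces an unhandled exception (HTTP 500) rather than the `BadRequest` those actions intend. I would make the helper total over its input: parse with `Uri.TryCreate(url, UriKind.Absolute, …)`, accept only http/https since the value is used as a redirect target, and return `string?`, which keeps the existing `Vars.PermittedDomains.Contains(dstDomain)` checks working because `Contains(null)` is simply false. Whether `domainParser.Parse` returns null or throws for a host under an unknown suffix depends on the library version; if it throws, that call needs the same treatment.
```csharp
    /// <summary>
    /// Registrable (public suffix + 1) domain of an absolute http(s) URL, or null when
    /// <paramref name="url"/> is null, not an absolute URL, not http/https, or has no host.
    /// </summary>
    public static string? GetRootDomain(string? url) {
        if (!Uri.TryCreate(url, UriKind.Absolute, out var uri)) return null;
        if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps) return null;
        if (string.IsNullOrEmpty(uri.Host)) return null;
        // NOTE(review): Parse may throw for hosts outside the rule list in some library versions — confirm.
        return domainParser.Parse(uri.Host)?.RegistrableDomain;
    }
```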
@@ -10,20 +10,18 @@ namespace AutheliaMultiDomainProxy.Controllers;
 public class CookieProxyController : Controller {
 [Produces("text/html", "text/plain")]
 [Route("/api/cookieproxy_stage_one")]
- public IActionResult StageOne([FromQuery] string dstDomain, [FromQuery] string tgt) {
+ public IActionResult StageOne([FromQuery] string tgt) {
 // Check if we are on the correct domain
 if (Request.Host.Host != $"{Vars.AuthProxySubdomain}.{Vars.UpstreamPrimaryDomain}") return StatusCode(StatusCodes.Status421MisdirectedRequest);
- if (!Request.Cookies.ContainsKey("authelia_session")
- || string.IsNullOrWhiteSpace(dstDomain)
- || !Vars.PermittedDomains.Contains(dstDomain)
- || string.IsNullOrWhiteSpace(tgt)
- || !new Uri(tgt).Host.EndsWith(dstDomain)) {
+ var dstDomain = AuthHelpers.GetRootDomain(tgt);
+
+ if (!Request.Cookies.ContainsKey("authelia_session") || string.IsNullOrWhiteSpace(tgt) || !Vars.PermittedDomains.Contains(dstDomain)) {
 return BadRequest("Bad request.");
 }
- var targetUrl = $"https://{Vars.AuthProxySubdomain}.{dstDomain}/api/cookieproxy_stage_two?dstDomain={HttpUtility.UrlEncode(dstDomain)}&tgt={HttpUtility.UrlEncode(tgt)}";
+ var targetUrl = $"https://{Vars.AuthProxySubdomain}.{dstDomain}/api/cookieproxy_stage_two?tgt={HttpUtility.UrlEncode(tgt)}";
 return Content($"Redirecting to cookie proxy (stage two) on the destination domain...
if you are not redirected automatically
", "text/html"); @@ -32,16 +30,14 @@ public class CookieProxyController : Controller { [HttpPost] [Produces("text/html", "text/plain")] [Route("/api/cookieproxy_stage_two")] - public IActionResult StageTwo([FromQuery] string dstDomain, [FromQuery] string tgt, [FromForm] string cookie) { + public IActionResult StageTwo([FromQuery] string tgt, [FromForm] string cookie) { // Check if we are on an allowed domain if (Vars.PermittedDomains.All(p => Request.Host.Host != $"{Vars.AuthProxySubdomain}.{p}")) return StatusCode(StatusCodes.Status421MisdirectedRequest); - if (string.IsNullOrWhiteSpace(dstDomain) - || !Vars.PermittedDomains.Contains(dstDomain) - || string.IsNullOrWhiteSpace(cookie) - || string.IsNullOrWhiteSpace(tgt) - || !new Uri(tgt).Host.EndsWith(dstDomain)) { + var dstDomain = AuthHelpers.GetRootDomain(tgt); + + if (string.IsNullOrWhiteSpace(tgt) || !Vars.PermittedDomains.Contains(dstDomain) || string.IsNullOrWhiteSpace(cookie)) { return BadRequest("Bad request."); } diff --git a/Controllers/RedirectController.cs b/Controllers/RedirectController.cs index 87c9ca0..4802ceb 100644 --- a/Controllers/RedirectController.cs +++ b/Controllers/RedirectController.cs 
@@ -7,14 +7,16 @@ namespace AutheliaMultiDomainProxy.Controllers;
 [Controller]
 [Route("/api/redirect")]
 public class RedirectController : Controller {
- public IActionResult Get([FromQuery] string dstDomain, [FromQuery] string tgt) {
+ public IActionResult Get([FromQuery] string tgt) {
 // Check if we are on an allowed domain
 if (!Vars.PermittedDomains.Any(p => Request.Host.Host.EndsWith($".{p}"))) {
 Response.StatusCode = 421;
 return StatusCode(StatusCodes.Status421MisdirectedRequest);
 }
- if (string.IsNullOrWhiteSpace(dstDomain) || !Vars.PermittedDomains.Contains(dstDomain) || string.IsNullOrWhiteSpace(tgt) || !new Uri(tgt).Host.EndsWith(dstDomain)) {
+ var dstDomain = AuthHelpers.GetRootDomain(tgt);
+
+ if (string.IsNullOrWhiteSpace(tgt) || !Vars.PermittedDomains.Contains(dstDomain)) {
 Response.StatusCode = StatusCodes.Status421MisdirectedRequest;
 return BadRequest("Bad request.");
 }
diff --git a/Pages/Index.cshtml b/Pages/Index.cshtml
index bdbc5e7..cbf1949 100644
--- a/Pages/Index.cshtml
+++ b/Pages/Index.cshtml
@@ -32,6 +32,6 @@ } else {

You are currently not authenticated

- Log in + Log in }