diff --git a/src/lib/security/csrf.ts b/src/lib/security/csrf.ts
index 0555bae..c4656d1 100644
--- a/src/lib/security/csrf.ts
+++ b/src/lib/security/csrf.ts
@@ -142,7 +142,7 @@ export function validateOrigin(origin: string | null): { valid: boolean; reason?
 }
 // Subdomain-Matching für Produktions-Domains
- const productionDomains = ['pl.porwoll.tech', 'porwoll.de', 'complexcaresolutions.de', 'gunshin.de']
+ const productionDomains = ['pl.porwoll.tech', 'c2sgmbh.de', 'porwoll.de', 'complexcaresolutions.de', 'gunshin.de']
 for (const domain of productionDomains) {
 if (origin.endsWith(domain) && origin.startsWith('https://')) {
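Review bot: The suffix test in the context just below the changed line, `origin.endsWith(domain)`, has no label boundary, so any HTTPS origin whose host merely ends in one of these strings (a different registrable domain with `c2sgmbh.de` as its tail, for instance) is accepted as a production origin, and every entry added to `productionDomains` widens that. Compare parsed hostnames instead: `const host = new URL(origin).hostname` followed by `if (host === domain || host.endsWith('.' + domain))`, with the scheme checked on the parsed `protocol` rather than by `startsWith`. `new URL` throws on malformed input, so it needs a guard unless the part of validateOrigin above this hunk already rejects such values, which is not visible here. The loop body continues past the end of the hunk.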