diff --git a/lib/Server.js b/lib/Server.js
index e00deb09ae..4cc2ae97d4 100644
--- a/lib/Server.js
+++ b/lib/Server.js
@@ -413,7 +413,19 @@ Server.prototype.checkHost = function(headers) {
 if(hostname === "127.0.0.1" || hostname === "localhost") return true;
 // allow if hostname is in allowedHosts
- if(this.allowedHosts && this.allowedHosts.indexOf(hostname) >= 0) return true;
+ if(this.allowedHosts && this.allowedHosts.length) {
+ for(let hostIdx = 0; hostIdx < this.allowedHosts.length; hostIdx++) {
+ const allowedHost = this.allowedHosts[hostIdx];
+ if(allowedHost === hostname) return true;
+
+ // support "." as a subdomain wildcard
+ // e.g. ".example.com" will allow "example.com", "www.example.com", "subdomain.example.com", etc
+ if(allowedHost[0] === ".") {
+ if(hostname === allowedHost.substring(1)) return true; // "example.com"
+ if(hostname.endsWith(allowedHost)) return true; // "*.example.com"
+ }
+ }
+ }
 // allow hostname of listening adress
 if(hostname === this.listenHostname) return true;
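Review bot: The new wildcard comparison (`allowedHost === hostname`, `hostname.endsWith(allowedHost)`) is case-sensitive, while DNS names are not, so a `.example.com` entry silently fails to match a Host header sent as `WWW.EXAMPLE.COM` unless `hostname` is already lower-cased before this hunk — the derivation of `hostname` is outside the hunk, so this may already be handled, but it is worth confirming. If it is not, normalising the configured entry at the top of the loop, `const allowedHost = String(this.allowedHosts[hostIdx]).toLowerCase();`, together with a lower-cased `hostname`, keeps the allow-list check deterministic for both exact and wildcard entries. As a point of style, the index loop plus the redundant `this.allowedHosts.length` guard would read more clearly as `for (const allowedHost of this.allowedHosts) {`, which also removes the `hostIdx` bookkeeping. The body of checkHost continues outside the hunk.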