diff --git a/octopoes/bits/disallowed_csp_hostnames/disallowed_csp_hostnames.py b/octopoes/bits/disallowed_csp_hostnames/disallowed_csp_hostnames.py
index c67b8e01bb8..5dcdfa1b969 100644
--- a/octopoes/bits/disallowed_csp_hostnames/disallowed_csp_hostnames.py
+++ b/octopoes/bits/disallowed_csp_hostnames/disallowed_csp_hostnames.py
@@ -31,9 +31,13 @@ def run(input_ooi: HTTPHeaderHostname, additional_oois: list, config: dict[str,
     disallowed_hostnames_from_config = get_disallowed_hostnames_from_config(config, "disallowed_hostnames", [])
     disallowed_domains.extend(disallowed_hostnames_from_config)
-
-    if hostname.lower() in disallowed_domains:
-        ft = KATFindingType(id="KAT-DISALLOWED-DOMAIN-IN-CSP")
-        f = Finding(ooi=input_ooi.reference, finding_type=ft.reference)
-        yield ft
-        yield f
+    hostnameparts = hostname.lower().split(".")
+
+    # For e.g. ["www", "example", "com"], check "www.example.com", "example.com" and "com"
+    for i in range(len(hostnameparts)):
+        if ".".join(hostnameparts[i:]) in disallowed_domains:
+            ft = KATFindingType(id="KAT-DISALLOWED-DOMAIN-IN-CSP")
+            f = Finding(ooi=input_ooi.reference, finding_type=ft.reference)
+            yield ft
+            yield f
+            break
diff --git a/octopoes/tests/test_disallowed_csp_hostnames.py b/octopoes/tests/test_disallowed_csp_hostnames.py
index 60abf4b38c5..cb718dd9545 100644
--- a/octopoes/tests/test_disallowed_csp_hostnames.py
+++ b/octopoes/tests/test_disallowed_csp_hostnames.py
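Review bot: The membership test on the `if ".".join(hostnameparts[i:]) in disallowed_domains` line lowercases only the hostname side; unless `get_disallowed_hostnames_from_config` (not visible here) already normalises its entries, a configured value such as `Example.com` or one written with a trailing dot never matches and the finding is silently skipped. Normalising the deny-list once before the loop keeps the comparison symmetric and also turns the per-iteration list scan into a set lookup: `disallowed = {d.lower().rstrip(".") for d in disallowed_domains}`, `hostnameparts = hostname.lower().rstrip(".").split(".")` and `if ".".join(hostnameparts[i:]) in disallowed:`. Because the loop now also tests the bare last label (`com` for `www.example.com`), the new comment should say that a single-label entry blocks an entire TLD, so operators configuring `disallowed_hostnames` know the reach of such an entry. `run` begins outside the hunk, so how `disallowed_domains` and `hostname` are initialised cannot be checked from here.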
@@ -65,3 +65,23 @@ def test_disallowed_csp_headers_disallow_custom_hostname():
             ooi=http_header_hostname.reference, finding_type=KATFindingType(id="KAT-DISALLOWED-DOMAIN-IN-CSP").reference
         ),
     ]
+
+
+def test_disallowed_csp_headers_disallow_subdomains():
+    http_header_hostname = HTTPHeaderHostname(
+        hostname=Reference.from_str("Hostname|internet|subdomain.example.com"),
+        header=Reference.from_str(
+            "HTTPHeader|internet|1.1.1.1|tcp|443|https|internet|subdomain.example.com|https|internet|subdomain.example.com|443||Content-Security-Policy"
+        ),
+    )
+
+    results = list(run(http_header_hostname, [], {"disallowed_hostnames": "example.com"}))
+
+    assert "subdomain" in http_header_hostname.reference
+
+    assert results == [
+        KATFindingType(id="KAT-DISALLOWED-DOMAIN-IN-CSP"),
+        Finding(
+            ooi=http_header_hostname.reference, finding_type=KATFindingType(id="KAT-DISALLOWED-DOMAIN-IN-CSP").reference
+        ),
+    ]
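Review bot: The new test covers only the positive match, so it would also pass against a naive `hostname.endswith("example.com")` implementation that over-matches; a companion case built from the same fixture with the hostname changed to `notexample.com` and asserting `assert results == []` would pin down that matching happens on label boundaries, which is what the suffix loop in the bit is meant to guarantee. The `assert "subdomain" in http_header_hostname.reference` line checks the fixture rather than `run` and could be replaced by that negative case. A second negative case for an empty `disallowed_hostnames` value would document that the new loop never yields when the list is empty.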