diff --git a/config/settings.py b/config/settings.py index befe05c..59e0ad8 100644 --- a/config/settings.py +++ b/config/settings.py @@ -20,13 +20,8 @@ load_dotenv(BASE_DIR.parent / ".env") SECRET_KEY = os.getenv("DJANGO_SECRET_KEY", "change-me") DEBUG = os.getenv("DJANGO_DEBUG", "true").lower() == "true" -ALLOWED_HOSTS = [ - "127.0.0.1", - "localhost", - os.getenv("HOST_FQDN", ""), - ".sslip.io", - ".coolify.io", -] +# Allow all hosts to avoid 404/400 errors during initial deployment +ALLOWED_HOSTS = ["*"] CSRF_TRUSTED_ORIGINS = [ origin for origin in [ @@ -38,8 +33,8 @@ CSRF_TRUSTED_ORIGINS = [ f"https://{host}" if not host.startswith(("http://", "https://")) else host for host in CSRF_TRUSTED_ORIGINS ] -# Also allow sslip/coolify for CSRF if needed (wildcards not supported in CSRF_TRUSTED_ORIGINS, requires exact match) -# Users must set HOST_FQDN or CSRF_TRUSTED_ORIGIN for POST requests to work on these domains. +# Add the current sslip domain if known, or rely on wildcard matching (Django 4.0+ requires explicit trusted origins for CSRF) +# For now, we rely on the user setting HOST_FQDN correctly. # Cookies must always be HTTPS-only; SameSite=Lax keeps CSRF working behind the proxy. SESSION_COOKIE_SECURE = True diff --git a/config/urls.py b/config/urls.py index 9e2e83c..3043a34 100644 --- a/config/urls.py +++ b/config/urls.py @@ -3,6 +3,7 @@ from django.urls import path, include from django.conf import settings from django.conf.urls.static import static from django.conf.urls.i18n import i18n_patterns +from django.http import HttpResponse from rest_framework import permissions from drf_yasg.views import get_schema_view @@ -22,6 +23,7 @@ schema_view = get_schema_view( ) urlpatterns = [ + path('health/', lambda request: HttpResponse("OK")), # Simple health check path('i18n/', include('django.conf.urls.i18n')), # Swagger / Redoc path('swagger/', schema_view.without_ui(cache_timeout=0), name='schema-json'), 
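Review bot: In the first config/settings.py hunk, `ALLOWED_HOSTS = ["*"]` switches off Django's Host header validation in every environment, and nothing in the hunk limits it to the "initial deployment" the new comment mentions. With the wildcard, `request.get_host()` accepts whatever Host value a client sends, so absolute URLs and redirects built from it depend entirely on the proxy in front pinning that header. I would keep the explicit list and only drop the empty entry it could contain: `ALLOWED_HOSTS = [h for h in ("127.0.0.1", "localhost", os.getenv("HOST_FQDN", ""), ".sslip.io", ".coolify.io") if h]`. If the 400s come from the platform's health probe (an assumption, the diff does not show it), giving the probe an allowed Host header fixes that without the wildcard. The context lines above also default `DEBUG` to true and `SECRET_KEY` to "change-me", so a deployment with no environment set runs with all three relaxed at once.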
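Review bot: The new comment in the second config/settings.py hunk says the code can "rely on wildcard matching", but `ALLOWED_HOSTS = ["*"]` has no effect on `CSRF_TRUSTED_ORIGINS`; the two settings are checked independently. Django 4.0+ does accept a subdomain pattern such as `https://*.example.com` there (constructed example), yet for a shared domain like sslip.io that would trust origins the project does not control, so the exact-origin requirement is worth stating. I would word it as `# CSRF_TRUSTED_ORIGINS is separate from ALLOWED_HOSTS: set HOST_FQDN to the exact deployed host, and do not add a wildcard for shared domains such as sslip.io.` The list comprehension this comment follows starts outside the hunk, so which environment variables feed it is not visible here.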
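Review bot: The `health/` route added in the second config/urls.py hunk is an anonymous lambda, so it has no name for `reverse()` and it answers any HTTP method the configured middleware lets through, not just the GET or HEAD a probe sends. A small named view restricted to safe methods is easier to read, log and exempt: put `@require_safe` on `def health(request): return HttpResponse("OK")` and wire it as `path('health/', health, name='health')`. That needs `from django.views.decorators.http import require_safe` next to the `HttpResponse` import added in the first hunk of this file. The `urlpatterns` list continues past the end of the hunk.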
diff --git a/requirements.txt b/requirements.txt
index 47ee07c..acabb89 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -9,4 +9,5 @@ djangorestframework==3.15.1
 drf-yasg
 gunicorn==22.0.0
 django-cors-headers
-django-admin-rangefilter
\ No newline at end of file
+django-admin-rangefilter
+requests
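Review bot: `requests` is added without a version pin, so each build resolves whatever release is current, while `djangorestframework` and `gunicorn` visible in the same hunk are pinned exactly. Pin it like those neighbours, `requests==<version you tested>`, and ideally do the same for the other unpinned entries, so builds are reproducible and a dependency update is a reviewed change. Nothing in the visible hunks of this commit imports `requests`; if it is not used yet, leaving it out keeps the dependency surface smaller.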