diff --git a/backend/routes/clickTtHttpPageRoutes.js b/backend/routes/clickTtHttpPageRoutes.js
index 619a4842..551779f1 100644
--- a/backend/routes/clickTtHttpPageRoutes.js
+++ b/backend/routes/clickTtHttpPageRoutes.js
@@ -57,7 +57,17 @@ function serializeFormBody(req) {
 }
 
 /** Domains, deren Links durch den Proxy umgeleitet werden (für Folge-Logs) */
-const PROXY_DOMAINS = ['click-tt.de', 'httv.de'];
+const PROXY_DOMAINS = ['click-tt.de', 'httv.de', 'liga.nu'];
+
+function isAllowedProxyUrl(url) {
+  if (!url || typeof url !== 'string') return false;
+  try {
+    const hostname = new URL(url).hostname.toLowerCase();
+    return PROXY_DOMAINS.some(domain => hostname === domain || hostname.endsWith(`.${domain}`));
+  } catch {
+    return false;
+  }
+}
 
 /**
  * Prüft, ob eine URL durch unseren Proxy umgeleitet werden soll
@@ -66,7 +76,7 @@ function shouldProxyUrl(href) {
   if (!href || typeof href !== 'string') return false;
   const h = href.trim();
   if (h.startsWith('#') || h.startsWith('javascript:')) return false;
-  return PROXY_DOMAINS.some(d => h.includes(d));
+  return isAllowedProxyUrl(h);
 }
 
 /**
@@ -242,8 +252,8 @@ router.get('/proxy', async (req, res, next) => {
     let fetchType = 'proxy';
 
     if (url) {
-      if (!url.includes('click-tt.de') && !url.includes('httv.de')) {
-        return res.status(400).send('<html><body><h1>Fehler</h1><p>Nur URLs von click-tt.de oder httv.de sind erlaubt.</p></body></html>');
+      if (!isAllowedProxyUrl(url)) {
+        return res.status(400).send('<html><body><h1>Fehler</h1><p>Nur URLs von click-tt.de, httv.de oder liga.nu sind erlaubt.</p></body></html>');
       }
       targetUrl = url;
       fetchType = 'arbitrary';
@@ -343,8 +353,8 @@ router.post('/proxy', async (req, res, next) => {
     const cookies = cookieStore.get(sid) || {};
 
     const targetUrl = req.query.url;
-    if (!targetUrl || (!targetUrl.includes('click-tt.de') && !targetUrl.includes('httv.de'))) {
-      return res.status(400).send('<html><body><h1>Fehler</h1><p>Parameter url (click-tt.de oder httv.de) erforderlich.</p></body></html>');
+    if (!targetUrl || !isAllowedProxyUrl(targetUrl)) {
+      return res.status(400).send('<html><body><h1>Fehler</h1><p>Parameter url (click-tt.de, httv.de oder liga.nu) erforderlich.</p></body></html>');
     }
 
     const contentType = req.get('content-type') || 'application/x-www-form-urlencoded';