diff --git a/hack/scripts-dev/docker-dns/certs/run.sh b/hack/scripts-dev/docker-dns/certs/run.sh
index 1ef72d40f..9311c618b 100755
--- a/hack/scripts-dev/docker-dns/certs/run.sh
+++ b/hack/scripts-dev/docker-dns/certs/run.sh
@@ -32,7 +32,6 @@ ETCDCTL_API=3 ./etcdctl \
   --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
   get abc
 
-# TODO: add host header check to enforce same-origin-policy
 printf "\nWriting v2 key...\n"
 curl -L https://127.0.0.1:2379/v2/keys/queue \
   --cacert /certs/ca.crt \
diff --git a/hack/scripts-dev/docker-dns/insecure/Procfile b/hack/scripts-dev/docker-dns/insecure/Procfile
index 0029aeda6..ad87e4191 100644
--- a/hack/scripts-dev/docker-dns/insecure/Procfile
+++ b/hack/scripts-dev/docker-dns/insecure/Procfile
@@ -1,6 +1,6 @@
 # Use goreman to run `go get github.com/mattn/goreman`
-etcd1: ./etcd --name m1 --data-dir /tmp/m1.data --listen-client-urls http://127.0.0.1:2379 --advertise-client-urls http://m1.etcd.local:2379 --listen-peer-urls http://127.0.0.1:2380 --initial-advertise-peer-urls=http://m1.etcd.local:2380 --initial-cluster-token tkn --initial-cluster=m1=http://m1.etcd.local:2380,m2=http://m2.etcd.local:22380,m3=http://m3.etcd.local:32380
+etcd1: ./etcd --name m1 --data-dir /tmp/m1.data --listen-client-urls http://127.0.0.1:2379 --advertise-client-urls http://m1.etcd.local:2379 --listen-peer-urls http://127.0.0.1:2380 --initial-advertise-peer-urls=http://m1.etcd.local:2380 --initial-cluster-token tkn --initial-cluster=m1=http://m1.etcd.local:2380,m2=http://m2.etcd.local:22380,m3=http://m3.etcd.local:32380 --host-whitelist "localhost,127.0.0.1,m1.etcd.local"
 
-etcd2: ./etcd --name m2 --data-dir /tmp/m2.data --listen-client-urls http://127.0.0.1:22379 --advertise-client-urls http://m2.etcd.local:22379 --listen-peer-urls http://127.0.0.1:22380 --initial-advertise-peer-urls=http://m2.etcd.local:22380 --initial-cluster-token tkn --initial-cluster=m1=http://m1.etcd.local:2380,m2=http://m2.etcd.local:22380,m3=http://m3.etcd.local:32380
+etcd2: ./etcd --name m2 --data-dir /tmp/m2.data --listen-client-urls http://127.0.0.1:22379 --advertise-client-urls http://m2.etcd.local:22379 --listen-peer-urls http://127.0.0.1:22380 --initial-advertise-peer-urls=http://m2.etcd.local:22380 --initial-cluster-token tkn --initial-cluster=m1=http://m1.etcd.local:2380,m2=http://m2.etcd.local:22380,m3=http://m3.etcd.local:32380 --host-whitelist "localhost,127.0.0.1,m1.etcd.local"
 
-etcd3: ./etcd --name m3 --data-dir /tmp/m3.data --listen-client-urls http://127.0.0.1:32379 --advertise-client-urls http://m3.etcd.local:32379 --listen-peer-urls http://127.0.0.1:32380 --initial-advertise-peer-urls=http://m3.etcd.local:32380 --initial-cluster-token tkn --initial-cluster=m1=http://m1.etcd.local:2380,m2=http://m2.etcd.local:22380,m3=http://m3.etcd.local:32380
\ No newline at end of file
+etcd3: ./etcd --name m3 --data-dir /tmp/m3.data --listen-client-urls http://127.0.0.1:32379 --advertise-client-urls http://m3.etcd.local:32379 --listen-peer-urls http://127.0.0.1:32380 --initial-advertise-peer-urls=http://m3.etcd.local:32380 --initial-cluster-token tkn --initial-cluster=m1=http://m1.etcd.local:2380,m2=http://m2.etcd.local:22380,m3=http://m3.etcd.local:32380 --host-whitelist "localhost,127.0.0.1,m1.etcd.local"
\ No newline at end of file
diff --git a/hack/scripts-dev/docker-dns/insecure/run.sh b/hack/scripts-dev/docker-dns/insecure/run.sh
index 683329b7e..5f4ca0735 100755
--- a/hack/scripts-dev/docker-dns/insecure/run.sh
+++ b/hack/scripts-dev/docker-dns/insecure/run.sh
@@ -23,7 +23,6 @@ ETCDCTL_API=3 ./etcdctl \
   --endpoints=http://m1.etcd.local:2379,http://m2.etcd.local:22379,http://m3.etcd.local:32379 \
   get abc
 
-# TODO: add host header check to enforce same-origin-policy
 printf "\nWriting v2 key...\n"
 curl \
   -L http://127.0.0.1:2379/v2/keys/queue \