diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index b35171f..205e757 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -4,7 +4,7 @@ on:
   - push
 
 env:
-  GO_VERSION: 1.18
+  GO_VERSION: 1.19
 
 jobs:
   build:
@@ -14,12 +14,12 @@ jobs:
     steps:
 
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
 
       - name: Setup Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
         with:
           go-version: ${{ env.GO_VERSION }}
 
diff --git a/go.mod b/go.mod
index 1fc9f41..1cea0d1 100644
--- a/go.mod
+++ b/go.mod
@@ -1,9 +1,17 @@
 module github.com/sosedoff/gitkit
 
-go 1.16
+go 1.19
 
 require (
 	github.com/gofrs/uuid v4.0.0+incompatible
 	github.com/stretchr/testify v1.7.0
 	golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a
+	golang.org/x/exp v0.0.0-20230203172020-98cc5a0785f9
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	golang.org/x/sys v0.1.0 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect
 )
diff --git a/go.sum b/go.sum
index 1607b45..e0b183a 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,6 @@
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
 github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -9,13 +10,11 @@ github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5Cc
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 h1:nxC68pudNYkKU6jWhgrqdreuFiOQWj1Fs7T3VrH4Pjw=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/exp v0.0.0-20230203172020-98cc5a0785f9 h1:frX3nT9RkKybPnjyI+yvZh6ZucTZatCCEm9D47sZ2zo=
+golang.org/x/exp v0.0.0-20230203172020-98cc5a0785f9/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
diff --git a/receiver.go b/receiver.go
index f4a02fb..29ade01 100644
--- a/receiver.go
+++ b/receiver.go
@@ -9,6 +9,7 @@ import (
 	"strings"
 
 	"github.com/gofrs/uuid"
+	"golang.org/x/exp/slices"
 )
 
 const ZeroSHA = "0000000000000000000000000000000000000000"
@@ -16,6 +17,7 @@ const ZeroSHA = "0000000000000000000000000000000000000000"
 type Receiver struct {
 	Debug       bool
 	MasterOnly  bool
+	AllowedRefs []string
 	TmpDir      string
 	HandlerFunc func(*HookInfo, string) error
 }
@@ -45,14 +47,30 @@ func IsForcePush(hook *HookInfo) (bool, error) {
 	return base != hook.OldRev, nil
 }
 
+func (r *Receiver) CheckAllowedBranch(hook *HookInfo) error {
+	if r.MasterOnly { // for BC
+		r.AllowedRefs = append(r.AllowedRefs, "refs/heads/master")
+	}
+
+	if len(r.AllowedRefs) == 0 {
+		return nil
+	}
+
+	if !slices.Contains(r.AllowedRefs, hook.Ref) {
+		return fmt.Errorf("cannot push branch, allowed branches: %s", strings.Join(r.AllowedRefs, ", "))
+	}
+
+	return nil
+}
+
 func (r *Receiver) Handle(reader io.Reader) error {
 	hook, err := ReadHookInput(reader)
 	if err != nil {
 		return err
 	}
 
-	if r.MasterOnly && hook.Ref != "refs/heads/master" {
-		return fmt.Errorf("cant push to non-master branch")
+	if err = r.CheckAllowedBranch(hook); err != nil {
+		return err
 	}
 
 	id, err := uuid.NewV4()
diff --git a/receiver_test.go b/receiver_test.go
new file mode 100644
index 0000000..2c6309f
--- /dev/null
+++ b/receiver_test.go
@@ -0,0 +1,91 @@
+package gitkit_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/sosedoff/gitkit"
+	"github.com/stretchr/testify/assert"
+)
+
+type gitReceiveMock struct {
+	name            string
+	masterOnly      bool
+	allowedBranches []string
+	ref             string
+	err             error
+}
+
+func TestMasterOnly(t *testing.T) {
+	testCases := []gitReceiveMock{
+		{
+			name:       "push to master, no error",
+			masterOnly: true,
+			ref:        "refs/heads/master",
+			err:        nil,
+		},
+		{
+			name:       "push to a branch, should trigger error",
+			masterOnly: true,
+			ref:        "refs/heads/branch",
+			err:        fmt.Errorf("cannot push branch, allowed branches: refs/heads/master"),
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			r := &gitkit.Receiver{
+				MasterOnly: tc.masterOnly,
+			}
+
+			err := r.CheckAllowedBranch(&gitkit.HookInfo{
+				Ref: tc.ref,
+			})
+
+			assert.Equal(t, tc.err, err)
+		})
+	}
+}
+
+func TestAllowedBranches(t *testing.T) {
+	testCases := []gitReceiveMock{
+		{
+			name:            "push to master, no error",
+			allowedBranches: []string{"refs/heads/master"},
+			ref:             "refs/heads/master",
+			err:             nil,
+		},
+		{
+			name:            "push to a branch, should trigger error",
+			allowedBranches: []string{"refs/heads/master"},
+			ref:             "refs/heads/some-branch",
+			err:             fmt.Errorf("cannot push branch, allowed branches: refs/heads/master"),
+		},
+		{
+			name:            "push to another-branch",
+			allowedBranches: []string{"refs/heads/another-branch"},
+			ref:             "refs/heads/another-branch",
+			err:             nil,
+		},
+		{
+			name:            "push to main and only allow main",
+			allowedBranches: []string{"refs/heads/main"},
+			ref:             "refs/heads/main",
+			err:             nil,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			r := &gitkit.Receiver{
+				AllowedRefs: tc.allowedBranches,
+			}
+
+			err := r.CheckAllowedBranch(&gitkit.HookInfo{
+				Ref: tc.ref,
+			})
+
+			assert.Equal(t, tc.err, err)
+		})
+	}
+}