# Security and Spam Prevention

To avoid malicious use of your organization's Rep.ai widget, and to prevent your team from wasting time on spam callers, there are a few options that you can configure on the settings [Security page](http://app.rep.ai/settings/security).

### Domain Allow List

Add a list of all the domains you plan to use the Rep.ai widget on. Any attempts to load the widget on other web pages will be blocked, and you'll never see those clients in the dashboard. Domains are subdomain specific, so connections from `app.mycompany.com` will be rejected if your allow list only contains `mycompany.com`. The allow list currently does not support wildcarding.

#### Development domains

While you can manually specify your development domains along side your public domains, we also include a toggle to allow connections from most common development domains without having to exhaust your available domains. These include:

* All `localhost` ports
* Any IP address (e.g. `http://127.0.0.1`)
* Any `.local` domain


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.rep.ai/security-and-spam-prevention.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.