# Content-Security-Policy (CSP)

Content-Security-Policy (CSP) is a browser feature that limits what origins (i.e. domains) your page can interact with. When you configure a security policy on your website, the browser will reject any connections that don't fit the policy. If you're using the `<script>` tag to inject Rep.ai into your site, it's likely you may not have added the Rep.ai domains to your policy.

To use Rep.ai with a CSP, add the following directives **only** if you've already specified them for your other resources:

| **Directive** | **Value**                                                                                                                                                                                           |
| ------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `connect-src` | <p><code>https\://*.servicebell.com</code></p><p><code>wss\://*.servicebell.com</code></p><p><code>https\://*.rep.ai</code></p><p><code>wss\://*.rep.ai</code></p><p><code>\*.twilio.com</code></p> |
| `script-src`  | <p><code>https\://*.servicebell.com</code><br><code>https\://*.rep.ai</code></p><p><code>https\://\*.calendly.com</code></p>                                                                        |
| `worker-src`  | <p><code>https\://*.servicebell.com</code><br><code>https\://*.rep.ai</code></p>                                                                                                                    |
| `style-src`   | <p><code>https\://*.servicebell.com</code><br><code>https\://*.rep.ai</code></p>                                                                                                                    |
| `img-src`     | <p><code>https\://*.servicebell.com</code><br><code>https\://*.rep.ai</code></p>                                                                                                                    |
| `media-src`   | <p><code>https\://*.servicebell.com</code><br><code>https\://*.rep.ai</code></p><p><code>mediastream:</code></p>                                                                                    |
| `font-src`    | <p><code>https\://*.servicebell.com</code><br><code>https\://*.rep.ai</code></p>                                                                                                                    |
| `webrtc`      | `'allow'`                                                                                                                                                                                           |