diff --git a/src/cspDirectives.ts b/src/cspDirectives.ts
index c425a4c..9ee6619 100644
--- a/src/cspDirectives.ts
+++ b/src/cspDirectives.ts
@@ -8,7 +8,7 @@ import { PUBLIC_WORKER_URL } from '$env/static/public'
-export const rootDomain = PUBLIC_SITE_DOMAIN // or your server IP for dev
+const rootDomain = PUBLIC_SITE_DOMAIN // or your server IP for dev
 const directives = {
 'base-uri': ["'self'"],
@@ -45,8 +45,8 @@ const directives = {
 'style-src': ["'self'", "'unsafe-inline'", 'https://hcaptcha.com', 'https://*.hcaptcha.com'],
 'default-src': [
 "'self'",
-rootDomain,
-`ws://${rootDomain}`,
+PUBLIC_SITE_DOMAIN,
+`ws://${PUBLIC_SITE_DOMAIN}`,
 // 'https://*.google.com',
 // 'https://*.googleapis.com',
 // 'https://*.firebase.com',
diff --git a/src/hooks.server.ts b/src/hooks.server.ts
index 250b922..1baed96 100644
--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -6,7 +6,7 @@ import { handleErrorWithSentry, sentryHandle } from '@sentry/sveltekit'
 import * as Sentry from '@sentry/sveltekit'
 import { PUBLIC_SENTRY_KEY, PUBLIC_SENTRY_PROJECT_ID, PUBLIC_SENTRY_ORG_ID } from '$env/static/public'
-import { csp, rootDomain } from './cspDirectives'
+import { csp } from './cspDirectives'
 Sentry.init({
 dsn: `https://${PUBLIC_SENTRY_KEY}@${PUBLIC_SENTRY_ORG_ID}.ingest.us.sentry.io/${PUBLIC_SENTRY_PROJECT_ID}`,
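Review bot: `const rootDomain = PUBLIC_SITE_DOMAIN` is kept but no longer exported, while both uses visible in the `default-src` hunk below were switched to `PUBLIC_SITE_DOMAIN` directly, so unless another directive outside these hunks still reads it, `rootDomain` is now dead code. Either delete the constant or keep it as the single alias the directives use (`rootDomain,` and `` `ws://${rootDomain}`, `` in `default-src`), rather than carrying both spellings in one file. If the constant goes, the `// or your server IP for dev` comment is the only place the accepted shape of the value is recorded and should move to wherever PUBLIC_SITE_DOMAIN is documented. The `directives` object continues past the hunk.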
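Review bot: `` `ws://${PUBLIC_SITE_DOMAIN}` `` in `default-src` allows a plaintext WebSocket source, and a page served over https cannot open a `ws:` connection regardless of CSP (it is blockable mixed content), so this entry only has effect when the site itself runs over plain http, i.e. the local-dev case the `// or your server IP for dev` comment describes. If production is served over https, the policy needs `` `wss://${PUBLIC_SITE_DOMAIN}` `` for its WebSockets, so either add that entry alongside or emit the `ws:` one only in a dev build. A comment such as `// ws: only reachable from plain-http (dev) pages; production WebSockets need wss:` would make the intent explicit for the next reader. The `directives` object starts before and continues after the hunk.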
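Review bot: `import { csp } from './cspDirectives'` drops `rootDomain`, but the Permissions-Policy line in the `@@ -23,7 +23,7 @@` hunk of the same file now interpolates `PUBLIC_SITE_DOMAIN`, and the visible `$env/static/public` import only brings in the three Sentry values. Unless `PUBLIC_SITE_DOMAIN` is imported in the lines above this hunk, hooks.server.ts no longer compiles ("Cannot find name 'PUBLIC_SITE_DOMAIN'"), which means the whole security-header handler is broken rather than just one header. The fix is to extend the existing import: `import { PUBLIC_SENTRY_KEY, PUBLIC_SENTRY_PROJECT_ID, PUBLIC_SENTRY_ORG_ID, PUBLIC_SITE_DOMAIN } from '$env/static/public'`.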
@@ -23,7 +23,7 @@ export const cspHandle: Handle = async ({ event, resolve }) => {
 const headers = {
 'X-Frame-Options': 'SAMEORIGIN',
 'Referrer-Policy': 'no-referrer',
-'Permissions-Policy': `accelerometer=(), autoplay=(), camera=(), document-domain=(self, 'js-profiling'), encrypted-media=(), fullscreen=(self ${rootDomain}), gyroscope=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), geolocation=()`,
+'Permissions-Policy': `accelerometer=(), autoplay=(), camera=(), document-domain=(self, 'js-profiling'), encrypted-media=(), fullscreen=(self ${PUBLIC_SITE_DOMAIN}), gyroscope=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), geolocation=()`,
 'X-Content-Type-Options': 'nosniff',
 // 'Content-Security-Policy-Report-Only': csp,
 'Content-Security-Policy': csp,
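Review bot: `fullscreen=(self ${PUBLIC_SITE_DOMAIN})` on the new line is not a valid Permissions-Policy allowlist entry: the header is a Structured Field dictionary in which `self` and `*` are the only bare tokens and any other member must be a double-quoted serialized origin including its scheme, so with PUBLIC_SITE_DOMAIN holding a bare host (as the `ws://${PUBLIC_SITE_DOMAIN}` prefix in cspDirectives.ts implies) the entry is at best ignored and fullscreen stays restricted to self. The same line's `document-domain=(self, 'js-profiling')` puts a comma and single quotes inside an inner list, which I would expect a structured-field parser to reject, and browsers that fail to parse this header drop it entirely, so none of the restrictions on this line may be applied at all; `'js-profiling'` looks like the value of a separate `Document-Policy` header rather than a Permissions-Policy allowlist member. I would change the two members to `fullscreen=(self "https://${PUBLIC_SITE_DOMAIN}")` and `document-domain=(self)` and confirm in the browser console that the header parses. The enclosing `cspHandle` starts before the hunk.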