diff --git a/packages/website/csp.js b/packages/website/csp.js
index a64eea7e..f48ee7e7 100644
--- a/packages/website/csp.js
+++ b/packages/website/csp.js
@@ -1,9 +1,12 @@
 const rootDomain = process.env.VITE_DOMAIN; // or your server IP for dev
+/**
+ * @type {import("@sveltejs/kit").CspDirectives}
+ */
 const cspDirectives = {
 'base-uri': ["'self'"],
- 'child-src': ["'self'"],
- 'connect-src': ["'self'", "https://*.google-analytics.com"],
+ 'child-src': ["'self'", "blob:"],
+ 'connect-src': ["'self'", "https://*.google-analytics.com", "https://*.sentry.io"],
 // 'connect-src': ["'self'", 'ws://localhost:*', 'https://hcaptcha.com', 'https://*.hcaptcha.com'],
 'img-src': ["'self'", 'data:', 'https://*.googletagmanager.com'],
@@ -49,12 +52,15 @@ const cspDirectives = {
 // 'https://*.sentry.io',
 // 'https://polyfill.io',
 ],
- 'worker-src': ["'self'"],
+ 'worker-src': ["'self'", "blob:"],
 // remove report-to & report-uri if you do not want to use Sentry reporting
- // 'report-to': ["'csp-endpoint'"],
- // 'report-uri': [
- // `https://sentry.io/api/${process.env.VITE_SENTRY_PROJECT_ID}/security/?sentry_key=${process.env.VITE_SENTRY_KEY}`,
- // ],
+ 'report-to': ["'csp-endpoint'"],
+ 'report-uri': [
+ 'https://o4507835405369344.ingest.de.sentry.io/api/4507835410481232/security/?sentry_key=d006c73cc53783930a1521a68ae1c312',
+ ],
 };
+// Report-To: {"group":"csp-endpoint","max_age":10886400,"endpoints":[{"url":"https://o4507835405369344.ingest.de.sentry.io/api/4507835410481232/security/?sentry_key=d006c73cc53783930a1521a68ae1c312"}],"include_subdomains":true}
+
+
 export default cspDirectives;
\ No newline at end of file
diff --git a/packages/website/src/hooks.server.ts b/packages/website/src/hooks.server.ts
index 9d3c6402..320a8527 100644
--- a/packages/website/src/hooks.server.ts
+++ b/packages/website/src/hooks.server.ts
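Review bot: Adding `blob:` to `child-src` on the new `'child-src'` line widens more than the worker case, because `child-src` is the fallback for both `worker-src` and `frame-src`; the second hunk of this file already puts `blob:` on `worker-src`, so unless a `frame-src` directive exists in the lines between the two hunks (not visible here) this change also permits `blob:` iframes. If only workers need it, keep `'child-src': ["'self'"]` and rely on the `worker-src` entry, or add an explicit `frame-src` without `blob:`. On the `'connect-src'` line, `https://*.sentry.io` allows fetch/XHR to every tenant of that service rather than only the project's own ingest endpoint; the single ingest host used by `report-uri` in the second hunk would be the narrower entry, with a comment such as `// narrowed to our own ingest host so connect-src does not cover arbitrary sentry.io tenants`. The `cspDirectives` object continues past the end of this hunk.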
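Review bot: The new `'report-uri'` entry hard-codes the full ingest URL, whereas the removed template built it from `process.env.VITE_SENTRY_PROJECT_ID` and `process.env.VITE_SENTRY_KEY`; the same literal is then repeated in the trailing `// Report-To:` comment and again in hooks.server.ts, so changing project or rotating the key means editing three places and the comment is bound to drift. The `sentry_key` is the DSN's public key and is shipped to browsers regardless, so this is a configurability and consistency issue rather than a secrecy one, but the env-driven form still keeps environment-specific values out of source. Suggested replacement: keep the template and export it so the hook can reuse it, e.g. ``export const cspReportUri = `https://${process.env.VITE_SENTRY_INGEST_HOST}/api/${process.env.VITE_SENTRY_PROJECT_ID}/security/?sentry_key=${process.env.VITE_SENTRY_KEY}`;`` (`VITE_SENTRY_INGEST_HOST` is a suggested name for the regional host, since the new URL no longer uses plain sentry.io), then `'report-uri': [cspReportUri],`. The `// Report-To: {...}` comment after `};` should be dropped; that header is emitted from hooks.server.ts and belongs there.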
@@ -19,6 +19,7 @@ const securityHeaders = {
 'Cross-Origin-Opener-Policy': 'same-origin',
 'Cross-Origin-Resource-Policy': 'same-origin',
+ 'Report-To': '{"group":"csp-endpoint","max_age":10886400,"endpoints":[{"url":"https://o4507835405369344.ingest.de.sentry.io/api/4507835410481232/security/?sentry_key=d006c73cc53783930a1521a68ae1c312"}],"include_subdomains":true}',
 }
 export const handle: Handle = sequence(Sentry.sentryHandle(), async ({ event, resolve }) => {
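Review bot: The new `'Report-To'` header is a hand-written JSON string that duplicates the endpoint URL from csp.js, so the group name and URL here can silently diverge from the `'report-to'` directive and `report-uri` that the CSP file declares; build it from one shared constant instead, e.g. `'Report-To': JSON.stringify({ group: 'csp-endpoint', max_age: 10886400, endpoints: [{ url: cspReportUri }], include_subdomains: true }),` with `cspReportUri` imported from csp.js. `Report-To` is the Reporting API v0 header that Chromium has deprecated in favour of `Reporting-Endpoints`, so reports from current Chromium builds will only arrive if the newer header is also sent: `'Reporting-Endpoints': 'csp-endpoint="' + cspReportUri + '"',`. `include_subdomains: true` registers the reporting group for every subdomain of the origin as well; confirm that is intended rather than the default. The `securityHeaders` object starts before this hunk, so its remaining entries are not visible here.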