diff --git a/files/routes/allroutes.py b/files/routes/allroutes.py
index 7351239fc..37122600b 100644
--- a/files/routes/allroutes.py
+++ b/files/routes/allroutes.py
@@ -52,10 +52,12 @@ def teardown_request(error):
 @app.after_request
 def after_request(response: Response):
 response.headers.add("Content-Security-Policy", ("""
- script-src 'self' 'unsafe-inline' https://*.googletagmanager.com;
+ script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com;
 img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com;
- connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;
+ connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://hcaptcha.com, https://*.hcaptcha.com;
 object-src 'none';
+ frame-src https://hcaptcha.com https://*.hcaptcha.com;
+ style-src https://hcaptcha.com https://*.hcaptcha.com;
 """.replace('\n', '').replace('\t', ' ')))
 response.headers.add("Strict-Transport-Security", "max-age=31536000")
 response.headers.add("X-Frame-Options", "deny")
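Review bot: The stray comma in the new `connect-src` line (`https://hcaptcha.com, https://*.hcaptcha.com;`) is not a harmless typo: a Content-Security-Policy header value is a comma-separated list of policies, so the browser splits the header there, `https://*.hcaptcha.com` becomes an unrecognised directive name in a second policy and is never added to `connect-src`, and `object-src`, `frame-src` and `style-src` end up in that second policy instead of the first. The line should read `connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com;`. The added `style-src` line is also a regression risk: the policy has no `default-src`, so before this change stylesheets were unrestricted, and `style-src https://hcaptcha.com https://*.hcaptcha.com;` now blocks any stylesheet the application serves from its own origin (and any inline styles) — if the site has its own CSS, it needs at least `style-src 'self' https://hcaptcha.com https://*.hcaptcha.com;`, which is worth checking in the browser console before merging. The body of after_request appears to continue past the end of the hunk.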