This feature is well established and works across many devices and browser versions. It’s been available across browsers since October 2018.
* Some parts of this feature may have varying levels of support.
Note: This feature is available in Web Workers.
The SecurityPolicyViolationEvent interface inherits from Event, and represents the event object of a securitypolicyviolation event sent on an Element, Document, or worker when its Content Security Policy (CSP) is violated.
SecurityPolicyViolationEvent()Creates a new SecurityPolicyViolationEvent object instance.
SecurityPolicyViolationEvent.blockedURI Read only
A string representing the URI of the resource that was blocked because it violates a policy.
SecurityPolicyViolationEvent.columnNumber Read only
The column number in the document or worker at which the violation occurred.
SecurityPolicyViolationEvent.disposition Read only
A string indicating whether the user agent is configured to enforce or just report the policy violation.
SecurityPolicyViolationEvent.documentURI Read only
A string representing the URI of the document or worker in which the violation occurred.
SecurityPolicyViolationEvent.effectiveDirective Read only
A string representing the directive that was violated.
SecurityPolicyViolationEvent.lineNumber Read only
The line number in the document or worker at which the violation occurred.
SecurityPolicyViolationEvent.originalPolicy Read only
A string containing the policy whose enforcement caused the violation.
SecurityPolicyViolationEvent.referrer Read only
A string representing the URL for the referrer of the resources whose policy was violated, or null.
SecurityPolicyViolationEvent.sample Read only
A string representing a sample of the resource that caused the violation, usually the first 40 characters. This will only be populated if the resource is an inline script, event handler, or style — external resources causing a violation will not generate a sample.
SecurityPolicyViolationEvent.sourceFile Read only
If the violation occurred as a result of a script, this will be the URL of the script; otherwise, it will be null. Both columnNumber and lineNumber should have non-null values if this property is not null.
SecurityPolicyViolationEvent.statusCode Read only
A number representing the HTTP status code of the document or worker in which the violation occurred.
SecurityPolicyViolationEvent.violatedDirective Read only
A string representing the directive that was violated. This is a historical alias of effectiveDirective.
document.addEventListener("securitypolicyviolation", (e) => {
console.log(e.blockedURI);
console.log(e.violatedDirective);
console.log(e.originalPolicy);
});
| Specification |
|---|
| Content Security Policy Level 3> # report-violation> |
| Desktop | Mobile | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Chrome | Edge | Firefox | Opera | Safari | Chrome Android | Firefox for Android | Opera Android | Safari on IOS | Samsung Internet | WebView Android | WebView on iOS | |
SecurityPolicyViolationEvent |
41 | 15 | 63 | 28 | 10 | 41 | 63 | 28 | 10 | 4.0 | 41 | 10 |
SecurityPolicyViolationEvent |
41 | 15 | 63 | 28 | 10 | 41 | 63 | 28 | 10 | 4.0 | 41 | 10 |
blockedURI |
41 | 15 | 63 | 28 | 10 | 41 | 63 | 28 | 10 | 4.0 | 41 | 10 |
columnNumber |
41 | 15 | 63 | 28 | 10 | 41 | 63 | 28 | 10 | 4.0 | 41 | 10 |
disposition |
56 | 79 | 63 | 43 | 15 | 56 | 63 | 43 | 15 | 6.0 | 56 | 15 |
documentURI |
41 | 15 | 63 | 28 | 10 | 41 | 63 | 28 | 10 | 4.0 | 41 | 10 |
effectiveDirective |
41 | 15 | 63 | 28 | 10 | 41 | 63 | 28 | 10 | 4.0 | 41 | 10 |
lineNumber |
41 | 15 | 63 | 28 | 10 | 41 | 63 | 28 | 10 | 4.0 | 41 | 10 |
originalPolicy |
41 | 15 | 63 | 28 | 10 | 41 | 63 | 28 | 10 | 4.0 | 41 | 10 |
referrer |
41 | 15 | 63 | 28 | 10 | 41 | 63 | 28 | 10 | 4.0 | 41 | 10 |
sample |
59 | 79 | 63 | 46 | 15 | 59 | 63 | 43 | 15 | 7.0 | 59 | 15 |
sourceFile |
41 | 15 | 63 | 28 | 10 | 41 | 63 | 28 | 10 | 4.0 | 41 | 10 |
statusCode |
41 | 15 | 63 | 28 | 10 | 41 | 63 | 28 | 10 | 4.0 | 41 | 10 |
violatedDirective |
41 | 15 | 63 | 28 | 10 | 41 | 63 | 28 | 10 | 4.0 | 41 | 10 |
worker_support |
56 | 15 | 63 | 43 | No | 56 | 63 | 43 | No | 6.0 | 56 | No |
CSPViolationReportBodysecuritypolicyviolation event of the Element interfacesecuritypolicyviolation event of the Document interfacesecuritypolicyviolation event of the WorkerGlobalScope interface
© 2005–2025 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/SecurityPolicyViolationEvent