This feature is well established and works across many devices and browser versions. It’s been available across browsers since September 2021.
Note: This feature is available in Web Workers.
The disposition read-only property of the SecurityPolicyViolationEvent interface indicates how the violated Content Security Policy (CSP) is configured to be treated by the user agent.
Possible values are:
"enforce"The policy is enforced and the resource request is blocked.
"report"The violation is reported but the resource request is not blocked.
document.addEventListener("securitypolicyviolation", (e) => {
console.log(e.disposition);
});
| Desktop | Mobile | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Chrome | Edge | Firefox | Opera | Safari | Chrome Android | Firefox for Android | Opera Android | Safari on IOS | Samsung Internet | WebView Android | WebView on iOS | |
disposition |
56 | 79 | 63 | 43 | 15 | 56 | 63 | 43 | 15 | 6.0 | 56 | 15 |
© 2005–2025 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/SecurityPolicyViolationEvent/disposition