This feature is well established and works across many devices and browser versions. It’s been available across browsers since October 2018.
Note: This feature is available in Web Workers.
The effectiveDirective read-only property of the SecurityPolicyViolationEvent interface is a string representing the Content Security Policy (CSP) directive that was violated.
This supersedes SecurityPolicyViolationEvent.violatedDirective, its historical alias.
A string representing the particular Content-Security-Policy directive that was violated.
document.addEventListener("securitypolicyviolation", (e) => {
console.log(e.effectiveDirective);
});
| Specification |
|---|
| Content Security Policy Level 3> # dom-securitypolicyviolationevent-effectivedirective> |
| Desktop | Mobile | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Chrome | Edge | Firefox | Opera | Safari | Chrome Android | Firefox for Android | Opera Android | Safari on IOS | Samsung Internet | WebView Android | WebView on iOS | |
effectiveDirective |
41 | 15 | 63 | 28 | 10 | 41 | 63 | 28 | 10 | 4.0 | 41 | 10 |
© 2005–2025 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/SecurityPolicyViolationEvent/effectiveDirective