SecurityPolicyViolationEvent

This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The SecurityPolicyViolationEvent interface inherits from Event, and represents the event object of an event sent on a document or worker when its content security policy is violated.

Constructor

SecurityPolicyViolationEvent()
Creates a new SecurityPolicyViolationEvent object instance.

Properties

SecurityPolicyViolationEvent.blockedURIRead only
A USVString representing the URI of the resource that was blocked because it violates a policy.
SecurityPolicyViolationEvent.columnNumberRead only
The column number in the document or worker at which the violation occurred.
SecurityPolicyViolationEvent.dispositionRead only
Indicates how the violated policy is configured to be treated by the user agent. This will be "enforce" or "report".
SecurityPolicyViolationEvent.documentURIRead only
A USVString representing the URI of the document or worker in which the violation was found.
SecurityPolicyViolationEvent.effectiveDirectiveRead only
A DOMString representing the directive whose enforcement uncovered the violation.
SecurityPolicyViolationEvent.lineNumberRead only
The line number in the document or worker at which the violation occurred.
SecurityPolicyViolationEvent.originalPolicyRead only
A DOMString containing the policy whose enforcement uncovered the violation.
SecurityPolicyViolationEvent.referrerRead only
A USVString representing the referrer of the resources whose policy was violated. This will be a URL or null.
SecurityPolicyViolationEvent.sampleRead only
A DOMString representing a sample of the resource that caused the violation, usually the first 40 characters. This will only be populated if the resource is an inline script, event handler, or style — external resources causing a violation will not generate a sample.
SecurityPolicyViolationEvent.sourceFileRead only
A USVString representing the URI of the document or worker in which the violation was found.
SecurityPolicyViolationEvent.statusCodeRead only
A number representing the HTTP status code of the document or worker in which the violation occurred.
SecurityPolicyViolationEvent.violatedDirectiveRead only
A DOMString representing the directive whose enforcement uncovered the violation.

Examples

document.addEventListener("securitypolicyviolation", (e) => {
  console.log(e.blockedURI);    
  console.log(e.violatedDirective);    
  console.log(e.originalPolicy);
});

Specifications

Specification Status Comment
Content Security Policy Level 3
The definition of 'SecurityPolicyViolationEvent' in that specification.
Working Draft Initial definition.

Browser compatibility

Update compatibility data on GitHub
DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidEdge MobileFirefox for AndroidOpera for AndroidSafari on iOSSamsung Internet
Basic support
Experimental
Chrome Full support YesEdge Full support YesFirefox Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
IE No support NoOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesEdge Mobile Full support YesFirefox Android Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
Opera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes
SecurityPolicyViolationEvent support in workersChrome Full support 56Edge Full support YesFirefox Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
IE No support NoOpera Full support 43Safari Full support YesWebView Android Full support 56Chrome Android Full support 56Edge Mobile Full support YesFirefox Android Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
Opera Android Full support 43Safari iOS Full support YesSamsung Internet Android Full support 6.0
SecurityPolicyViolationEvent() constructorChrome Full support YesEdge Full support YesFirefox Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
IE No support NoOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesEdge Mobile Full support YesFirefox Android Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
Opera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes
blockedURIChrome Full support YesEdge Full support 15Firefox Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
IE No support NoOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesEdge Mobile Full support YesFirefox Android Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
Opera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes
columnNumberChrome Full support YesEdge Full support 15Firefox Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
IE No support NoOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesEdge Mobile Full support YesFirefox Android Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
Opera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes
dispositionChrome Full support YesEdge Full support YesFirefox Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
IE No support NoOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesEdge Mobile Full support YesFirefox Android Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
Opera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes
documentURIChrome Full support YesEdge Full support 15Firefox Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
IE No support NoOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesEdge Mobile Full support YesFirefox Android Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
Opera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes
effectiveDirectiveChrome Full support YesEdge Full support 15Firefox Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
IE No support NoOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesEdge Mobile Full support YesFirefox Android Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
Opera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes
lineNumberChrome Full support YesEdge Full support 15Firefox Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
IE No support NoOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesEdge Mobile Full support YesFirefox Android Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
Opera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes
originalPolicyChrome Full support YesEdge Full support 15Firefox Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
IE No support NoOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesEdge Mobile Full support YesFirefox Android Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
Opera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes
referrerChrome Full support YesEdge Full support 15Firefox Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
IE No support NoOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesEdge Mobile Full support YesFirefox Android Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
Opera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes
sampleChrome Full support 59Edge Full support YesFirefox Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
IE No support NoOpera Full support 46Safari Full support YesWebView Android Full support 59Chrome Android Full support 59Edge Mobile Full support YesFirefox Android Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
Opera Android Full support 46Safari iOS Full support YesSamsung Internet Android Full support 7.0
sourceFileChrome Full support YesEdge Full support 15Firefox Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
IE No support NoOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesEdge Mobile Full support YesFirefox Android Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
Opera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes
statusCodeChrome Full support YesEdge Full support 15Firefox Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
IE No support NoOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesEdge Mobile Full support YesFirefox Android Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
Opera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes
violatedDirectiveChrome Full support YesEdge Full support 15Firefox Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
IE No support NoOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesEdge Mobile Full support YesFirefox Android Full support 63
Full support 63
Full support 59
Disabled
Disabled From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.
Opera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes

Legend

Full support  
Full support
No support  
No support
Experimental. Expect behavior to change in the future.
Experimental. Expect behavior to change in the future.
User must explicitly enable this feature.
User must explicitly enable this feature.

See also

 

Document Tags and Contributors

Contributors to this page: fscholz, chrisdavidmills, tocretpa, mattwojo, david_ross, jpmedley
Last updated by: fscholz,