SecurityPolicyViolationEvent.blockedURI

This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The blockedURI read-only property of the SecurityPolicyViolationEvent interface is a USVString representing the URI of the resource that was blocked because it violates a policy.

Syntax

let blockedURI = violationEventInstance.blockedURI;

Value

A USVString representing the URI of the blocked resource.

Example

document.addEventListener("securitypolicyviolation", (e) => {
  console.log(e.blockedURI);
});

Specifications

Specification	Status	Comment
Content Security Policy Level 3 The definition of 'blockedURI' in that specification.	Working Draft	Initial definition

Browser compatibility

Update compatibility data on GitHub

	Desktop						Mobile
	Chrome	Edge	Firefox	Internet Explorer	Opera	Safari	Android webview	Chrome for Android	Firefox for Android	Opera for Android	Safari on iOS	Samsung Internet
`blockedURI`	Chrome Full support Yes	Edge Full support 15	Firefox Full support 63 Full support 63 Full support 59 Disabled Disabled From version 59: this feature is behind the `security.csp.enable_violation_events` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	IE No support No	Opera Full support Yes	Safari Full support Yes	WebView Android Full support Yes	Chrome Android Full support Yes	Firefox Android Full support 63 Full support 63 Full support 59 Disabled Disabled From version 59: this feature is behind the `security.csp.enable_violation_events` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	Opera Android Full support Yes	Safari iOS Full support Yes	Samsung Internet Android Full support Yes

Legend

Full support: Full support
No support: No support
User must explicitly enable this feature.: User must explicitly enable this feature.