This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The disposition read-only property of the SecurityPolicyViolationEvent interface indicates how the violated policy is configured to be treated by the user agent.


let disposition = violationEventInstance.disposition;


A value defined in the SecurityPolicyViolationEventDisposition enum representing the URI of the blocked resource. Possible values are "enforce" or "report"


document.addEventListener("securitypolicyviolation", (e) => {


Specification Status Comment
Content Security Policy Level 3
The definition of 'disposition' in that specification.
Working Draft Initial definition

Browser compatibility

FeatureChromeEdgeFirefoxInternet ExplorerOperaSafari
Basic support Yes Yes591 No Yes Yes
FeatureAndroid webviewChrome for AndroidEdge mobileFirefox for AndroidOpera AndroidiOS SafariSamsung Internet
Basic support Yes Yes Yes591 Yes Yes Yes

1. From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

See also

Document Tags and Contributors

Contributors to this page: fscholz, chrisdavidmills
Last updated by: fscholz,