SecurityPolicyViolationEvent: disposition property

Baseline Widely available

This feature is well established and works across many devices and browser versions. It’s been available across browsers since September 2021.

Note: This feature is available in Web Workers.

The disposition read-only property of the SecurityPolicyViolationEvent interface indicates how the violated Content Security Policy (CSP) is configured to be treated by the user agent.

Value

Possible values are:

"enforce"

The policy is enforced and the resource request is blocked.

"report"

The violation is reported but the resource request is not blocked.

Examples

js
document.addEventListener("securitypolicyviolation", (e) => {
  console.log(e.disposition);
});

Specifications

Specification
Content Security Policy Level 3
# dom-securitypolicyviolationevent-disposition

Browser compatibility

See also