This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The sample read-only property of the SecurityPolicyViolationEvent interface is a DOMString representing a sample of the resource that caused the violation.


let sample = violationEventInstance.sample;


A DOMString containing a sample of the resource that caused the violation, usually the first 40 characters. This will only be populated if the resource is an inline script, event handler, or style — external resources causing a violation will not generate a sample.


document.addEventListener("securitypolicyviolation", (e) => {


Specification Status Comment
Content Security Policy Level 3
The definition of 'sample' in that specification.
Working Draft Initial definition

Browser compatibility

FeatureChromeEdgeFirefoxInternet ExplorerOperaSafari
Basic support59 Yes591 No46 Yes
FeatureAndroid webviewChrome for AndroidEdge mobileFirefox for AndroidOpera AndroidiOS SafariSamsung Internet
Basic support5959 Yes59146 Yes7.0

1. From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

See also

Document Tags and Contributors

Contributors to this page: fscholz, chrisdavidmills
Last updated by: fscholz,