Web/API/SecurityPolicyViolationEvent

From Get docs

This is an experimental technologyCheck the Browser compatibility table carefully before using this in production.


The SecurityPolicyViolationEvent interface inherits from Event, and represents the event object of an event sent on a document or worker when its content security policy is violated.

Constructor

SecurityPolicyViolationEvent()
Creates a new SecurityPolicyViolationEvent object instance.

Properties

SecurityPolicyViolationEvent.blockedURIRead only
A USVString representing the URI of the resource that was blocked because it violates a policy.
SecurityPolicyViolationEvent.columnNumberRead only
The column number in the document or worker at which the violation occurred.
SecurityPolicyViolationEvent.dispositionRead only
Indicates how the violated policy is configured to be treated by the user agent. This will be "enforce" or "report".
SecurityPolicyViolationEvent.documentURIRead only
A USVString representing the URI of the document or worker in which the violation was found.
SecurityPolicyViolationEvent.effectiveDirectiveRead only
A DOMString representing the directive whose enforcement uncovered the violation.
SecurityPolicyViolationEvent.lineNumberRead only
The line number in the document or worker at which the violation occurred.
SecurityPolicyViolationEvent.originalPolicyRead only
A DOMString containing the policy whose enforcement uncovered the violation.
SecurityPolicyViolationEvent.referrerRead only
A USVString representing the referrer of the resources whose policy was violated. This will be a URL or null.
SecurityPolicyViolationEvent.sampleRead only
A DOMString representing a sample of the resource that caused the violation, usually the first 40 characters. This will only be populated if the resource is an inline script, event handler, or style — external resources causing a violation will not generate a sample.
SecurityPolicyViolationEvent.sourceFileRead only
A USVString representing the URI of the document or worker in which the violation was found.
SecurityPolicyViolationEvent.statusCodeRead only
A number representing the HTTP status code of the document or worker in which the violation occurred.
SecurityPolicyViolationEvent.violatedDirectiveRead only
A DOMString representing the directive whose enforcement uncovered the violation.

Examples

document.addEventListener("securitypolicyviolation", (e) => {
  console.log(e.blockedURI);    
  console.log(e.violatedDirective);    
  console.log(e.originalPolicy);
});

Specifications

Specification Status Comment
Content Security Policy Level 2The definition of 'SecurityPolicyViolationEvent' in that specification. Recommendation Initial definition.
Content Security Policy Level 3The definition of 'SecurityPolicyViolationEvent' in that specification. Working Draft  

Browser compatibility

Update compatibility data on GitHub

Desktop Mobile
Chrome Edge Firefox Internet Explorer Opera Safari Android webview Chrome for Android Firefox for Android Opera for Android Safari on iOS Samsung Internet

SecurityPolicyViolationEvent

Experimental'

Chrome

Full support Yes

Edge

Full support ≤18

Firefox Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

IE

No support No

Opera

Full support Yes

Safari

Full support Yes

WebView Android

Full support Yes

Chrome Android

Full support Yes

Firefox Android Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

Opera Android

Full support Yes

Safari iOS

Full support Yes

Samsung Internet Android

Full support Yes

SecurityPolicyViolationEvent() constructor Chrome

Full support Yes

Edge

Full support ≤18

Firefox Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

IE

No support No

Opera

Full support Yes

Safari

Full support Yes

WebView Android

Full support Yes

Chrome Android

Full support Yes

Firefox Android Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

Opera Android

Full support Yes

Safari iOS

Full support Yes

Samsung Internet Android

Full support Yes

blockedURI Chrome

Full support Yes

Edge

Full support 15

Firefox Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

IE

No support No

Opera

Full support Yes

Safari

Full support Yes

WebView Android

Full support Yes

Chrome Android

Full support Yes

Firefox Android Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

Opera Android

Full support Yes

Safari iOS

Full support Yes

Samsung Internet Android

Full support Yes

columnNumber Chrome

Full support Yes

Edge

Full support 15

Firefox Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

IE

No support No

Opera

Full support Yes

Safari

Full support Yes

WebView Android

Full support Yes

Chrome Android

Full support Yes

Firefox Android Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

Opera Android

Full support Yes

Safari iOS

Full support Yes

Samsung Internet Android

Full support Yes

disposition Chrome

Full support Yes

Edge

Full support ≤18

Firefox Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

IE

No support No

Opera

Full support Yes

Safari

Full support Yes

WebView Android

Full support Yes

Chrome Android

Full support Yes

Firefox Android Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

Opera Android

Full support Yes

Safari iOS

Full support Yes

Samsung Internet Android

Full support Yes

documentURI Chrome

Full support Yes

Edge

Full support 15

Firefox Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

IE

No support No

Opera

Full support Yes

Safari

Full support Yes

WebView Android

Full support Yes

Chrome Android

Full support Yes

Firefox Android Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

Opera Android

Full support Yes

Safari iOS

Full support Yes

Samsung Internet Android

Full support Yes

effectiveDirective Chrome

Full support Yes

Edge

Full support 15

Firefox Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

IE

No support No

Opera

Full support Yes

Safari

Full support Yes

WebView Android

Full support Yes

Chrome Android

Full support Yes

Firefox Android Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

Opera Android

Full support Yes

Safari iOS

Full support Yes

Samsung Internet Android

Full support Yes

lineNumber Chrome

Full support Yes

Edge

Full support 15

Firefox Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

IE

No support No

Opera

Full support Yes

Safari

Full support Yes

WebView Android

Full support Yes

Chrome Android

Full support Yes

Firefox Android Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

Opera Android

Full support Yes

Safari iOS

Full support Yes

Samsung Internet Android

Full support Yes

originalPolicy Chrome

Full support Yes

Edge

Full support 15

Firefox Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

IE

No support No

Opera

Full support Yes

Safari

Full support Yes

WebView Android

Full support Yes

Chrome Android

Full support Yes

Firefox Android Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

Opera Android

Full support Yes

Safari iOS

Full support Yes

Samsung Internet Android

Full support Yes

referrer Chrome

Full support Yes

Edge

Full support 15

Firefox Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

IE

No support No

Opera

Full support Yes

Safari

Full support Yes

WebView Android

Full support Yes

Chrome Android

Full support Yes

Firefox Android Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

Opera Android

Full support Yes

Safari iOS

Full support Yes

Samsung Internet Android

Full support Yes

sample Chrome

Full support 59

Edge

Full support ≤18

Firefox Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

IE

No support No

Opera

Full support 46

Safari

Full support Yes

WebView Android

Full support 59

Chrome Android

Full support 59

Firefox Android Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

Opera Android

Full support 43

Safari iOS

Full support Yes

Samsung Internet Android

Full support 7.0

sourceFile Chrome

Full support Yes

Edge

Full support 15

Firefox Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

IE

No support No

Opera

Full support Yes

Safari

Full support Yes

WebView Android

Full support Yes

Chrome Android

Full support Yes

Firefox Android Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

Opera Android

Full support Yes

Safari iOS

Full support Yes

Samsung Internet Android

Full support Yes

statusCode Chrome

Full support Yes

Edge

Full support 15

Firefox Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

IE

No support No

Opera

Full support Yes

Safari

Full support Yes

WebView Android

Full support Yes

Chrome Android

Full support Yes

Firefox Android Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

Opera Android

Full support Yes

Safari iOS

Full support Yes

Samsung Internet Android

Full support Yes

violatedDirective Chrome

Full support Yes

Edge

Full support 15

Firefox Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

IE

No support No

Opera

Full support Yes

Safari

Full support Yes

WebView Android

Full support Yes

Chrome Android

Full support Yes

Firefox Android Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

Opera Android

Full support Yes

Safari iOS

Full support Yes

Samsung Internet Android

Full support Yes

Available in workers Chrome

Full support 56

Edge

Full support ≤18

Firefox Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

IE

No support No

Opera

Full support 43

Safari

Full support Yes

WebView Android

Full support 56

Chrome Android

Full support 56

Firefox Android Full support 63


Full support 63


Full support 59

Disabled'

Disabled' From version 59: this feature is behind the security.csp.enable_violation_events preference (needs to be set to true). To change preferences in Firefox, visit about:config.

Opera Android

Full support 43

Safari iOS

Full support Yes

Samsung Internet Android

Full support 6.0

Legend

Full support  
Full support
No support  
No support
Experimental. Expect behavior to change in the future.'
Experimental. Expect behavior to change in the future.
User must explicitly enable this feature.'
User must explicitly enable this feature.


See also