SecurityPolicyViolationEvent

Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The SecurityPolicyViolationEvent interface inherits from Event, and represents the event object of an event sent on a document or worker when its content security policy is violated.

Constructor

SecurityPolicyViolationEvent(): Creates a new SecurityPolicyViolationEvent object instance.

Properties

SecurityPolicyViolationEvent.blockedURIRead only: A USVString representing the URI of the resource that was blocked because it violates a policy.
SecurityPolicyViolationEvent.columnNumberRead only: The column number in the document or worker at which the violation occurred.
SecurityPolicyViolationEvent.dispositionRead only: Indicates how the violated policy is configured to be treated by the user agent. This will be "enforce" or "report".
SecurityPolicyViolationEvent.documentURIRead only: A USVString representing the URI of the document or worker in which the violation was found.
SecurityPolicyViolationEvent.effectiveDirectiveRead only: A DOMString representing the directive whose enforcement uncovered the violation.
SecurityPolicyViolationEvent.lineNumberRead only: The line number in the document or worker at which the violation occurred.
SecurityPolicyViolationEvent.originalPolicyRead only: A DOMString containing the policy whose enforcement uncovered the violation.
SecurityPolicyViolationEvent.referrerRead only: A USVString representing the referrer of the resources whose policy was violated. This will be a URL or null.
SecurityPolicyViolationEvent.sampleRead only: A DOMString representing a sample of the resource that caused the violation, usually the first 40 characters. This will only be populated if the resource is an inline script, event handler, or style — external resources causing a violation will not generate a sample.
SecurityPolicyViolationEvent.sourceFileRead only: A USVString representing the URI of the document or worker in which the violation was found.
SecurityPolicyViolationEvent.statusCodeRead only: A number representing the HTTP status code of the document or worker in which the violation occurred.
SecurityPolicyViolationEvent.violatedDirectiveRead only: A DOMString representing the directive whose enforcement uncovered the violation.

Examples

document.addEventListener("securitypolicyviolation", (e) => {
  console.log(e.blockedURI);
  console.log(e.violatedDirective);
  console.log(e.originalPolicy);
});

Specifications

Specification
Content Security Policy Level 3 (Content Security Policy 3) # report-violation

Browser compatibility

	Desktop						Mobile
	Chrome	Edge	Firefox	Internet Explorer	Opera	Safari	WebView Android	Chrome Android	Firefox for Android	Opera Android	Safari on IOS	Samsung Internet
`SecurityPolicyViolationEvent`	41	15	63	No	28	10	41	41	63	28	10	4.0
`SecurityPolicyViolationEvent`	41	15	63	No	28	10	41	41	63	28	10	4.0
`blockedURI`	41	15	63	No	28	10	41	41	63	28	10	4.0
`columnNumber`	41	15	63	No	28	10	41	41	63	28	10	4.0
`disposition`	56	79	63	No	43	No	56	56	63	43	No	6.0
`documentURI`	41	15	63	No	28	10	41	41	63	28	10	4.0
`effectiveDirective`	41	15	63	No	28	10	41	41	63	28	10	4.0
`lineNumber`	41	15	63	No	28	10	41	41	63	28	10	4.0
`originalPolicy`	41	15	63	No	28	10	41	41	63	28	10	4.0
`referrer`	41	15	63	No	28	10	41	41	63	28	10	4.0
`sample`	59	79	63	No	46	No	59	59	63	43	No	7.0
`sourceFile`	41	15	63	No	28	10	41	41	63	28	10	4.0
`statusCode`	41	15	63	No	28	10	41	41	63	28	10	4.0
`violatedDirective`	41	15	63	No	28	10	41	41	63	28	10	4.0
`worker_support`	56	15	63	No	43	No	56	56	63	43	No	6.0