Document: securitypolicyviolation event

Baseline Widely available

This feature is well established and works across many devices and browser versions. It’s been available across browsers since ⁨March 2022⁩.

Learn more
See full compatibility
Report feedback

The securitypolicyviolation event is fired when a Content Security Policy is violated.

The event is fired on the document when there is a violation of the document CSP policy (and may also bubble from elements in the document).

This event bubbles to the Window object, and is composed.

Note: You should generally add the handler for this event to a top level object (i.e., Window or Document). While HTML elements can technically be the target of the securitypolicyviolation event, in reality this event does not fire on them—for example, a blocked <img> source directly triggers this event on document as the target, instead of bubbling from the <img> element.