The securitypolicyviolation event is fired when a Content Security Policy is violated.One can listen to that event via the EventTarget.addEventListener() API. The goal is now to expose the onsecuritypolicyviolation IDL attribute from the GlobalEventHandlers interface, so that one can register a listener by attaching this attribute to target elements.


The event is fired on the element that violates the policy and bubbles. It is normally handled by an event handler on the Window or Document object. One can naturally listen to that event via the EventTarget.addEventListener() API. However, web developers are also familiar with the alternative attribute-based form (e.g. element.addEventListener("securitypolicyviolation", ...) Vs on <element.onsecuritypolicyviolation="...">) which is sometimes convenient for quick testing. For consistency with other events, an attribute onsecuritypolicyviolation is thus added.



Specification link

Final published standard: Recommendation, Living Standard, Candidate Recommendation, or similar final form

Status in Chromium


No active development (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.


Last updated on 2021-10-28