SecurityPolicyViolationEvent: originalPolicy property

The originalPolicy read-only property of the SecurityPolicyViolationEvent interface is a string containing the Content Security Policy (CSP) whose enforcement uncovered the violation.

Value

A string representing the policy whose enforcement uncovered the violation.

This is the string in the Content-Security-Policy HTTP header that contains the list of directives and their values that make the CSP policy.

Examples

js
document.addEventListener("securitypolicyviolation", (e) => {
  console.log(e.originalPolicy);
});

Specifications

Specification
Content Security Policy Level 3
# dom-securitypolicyviolationevent-originalpolicy

Browser compatibility

BCD tables only load in the browser

See also