summaryrefslogtreecommitdiffstats
path: root/l10n-en-GB/dom/chrome/security
diff options
context:
space:
mode:
Diffstat (limited to 'l10n-en-GB/dom/chrome/security')
-rw-r--r--l10n-en-GB/dom/chrome/security/caps.properties9
-rw-r--r--l10n-en-GB/dom/chrome/security/csp.properties125
-rw-r--r--l10n-en-GB/dom/chrome/security/security.properties167
3 files changed, 301 insertions, 0 deletions
diff --git a/l10n-en-GB/dom/chrome/security/caps.properties b/l10n-en-GB/dom/chrome/security/caps.properties
new file mode 100644
index 0000000000..6d30d79b82
--- /dev/null
+++ b/l10n-en-GB/dom/chrome/security/caps.properties
@@ -0,0 +1,9 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CheckLoadURIError = Security Error: Content at %S may not load or link to %S.
+CheckSameOriginError = Security Error: Content at %S may not load data from %S.
+ExternalDataError = Security Error: Content at %S attempted to load %S, but may not load external data when being used as an image.
+
+CreateWrapperDenied = Permission denied to create wrapper for object of class %S
+CreateWrapperDeniedForOrigin = Permission denied for <%2$S> to create wrapper for object of class %1$S
diff --git a/l10n-en-GB/dom/chrome/security/csp.properties b/l10n-en-GB/dom/chrome/security/csp.properties
new file mode 100644
index 0000000000..c75d8a132b
--- /dev/null
+++ b/l10n-en-GB/dom/chrome/security/csp.properties
@@ -0,0 +1,125 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# CSP Warnings:
+# LOCALIZATION NOTE (CSPViolation):
+# %1$S is the reason why the resource has not been loaded.
+CSPViolation = The page's settings blocked the loading of a resource: %1$S
+# LOCALIZATION NOTE (CSPViolationWithURI):
+# %1$S is the directive that has been violated.
+# %2$S is the URI of the resource which violated the directive.
+CSPViolationWithURI = The page's settings blocked the loading of a resource at %2$S ("%1$S").
+# LOCALIZATION NOTE (CSPROViolation):
+# %1$S is the reason why the resource has not been loaded.
+CSPROViolation = A violation occurred for a report-only CSP policy ("%1$S"). The behaviour was allowed, and a CSP report was sent.
+# LOCALIZATION NOTE (CSPROViolationWithURI):
+# %1$S is the directive that has been violated.
+# %2$S is the URI of the resource which violated the directive.
+CSPROViolationWithURI = The page's settings observed the loading of a resource at %2$S ("%1$S"). A CSP report is being sent.
+# LOCALIZATION NOTE (triedToSendReport):
+# %1$S is the URI we attempted to send a report to.
+triedToSendReport = Tried to send report to invalid URI: "%1$S"
+tooManyReports = Prevented too many CSP reports from being sent within a short period of time.
+# LOCALIZATION NOTE (couldNotParseReportURI):
+# %1$S is the report URI that could not be parsed
+couldNotParseReportURI = couldn't parse report URI: %1$S
+# LOCALIZATION NOTE (couldNotProcessUnknownDirective):
+# %1$S is the unknown directive
+couldNotProcessUnknownDirective = Couldn't process unknown directive '%1$S'
+# LOCALIZATION NOTE (ignoringUnknownOption):
+# %1$S is the option that could not be understood
+ignoringUnknownOption = Ignoring unknown option %1$S
+# LOCALIZATION NOTE (ignoringDuplicateSrc):
+# %1$S defines the duplicate src
+ignoringDuplicateSrc = Ignoring duplicate source %1$S
+# LOCALIZATION NOTE (ignoringNonAsciiToken):
+# %1$S defines the name of the directive
+# %2$S is the token string containing non-ASCII characters.
+ignoringNonAsciiToken = Ignoring directive ‘%1$S’ with the non-ASCII token ‘%2$S’
+# LOCALIZATION NOTE (ignoringSrcFromMetaCSP):
+# %1$S defines the ignored src
+ignoringSrcFromMetaCSP = Ignoring source '%1$S' (Not supported when delivered via meta element).
+# LOCALIZATION NOTE (ignoringSrcWithinNonceOrHashDirective):
+# %1$S is the ignored src (e.g. "unsafe-inline")
+# %2$S is the directive (e.g. "script-src-elem")
+ignoringSrcWithinNonceOrHashDirective = Ignoring “%1$S” within %2$S: nonce-source or hash-source specified
+# LOCALIZATION NOTE (ignoringScriptSrcForStrictDynamic):
+# %1$S is the ignored src
+# %1$S is the directive src (e.g. "script-src-elem")
+# 'strict-dynamic' should not be localized
+ignoringScriptSrcForStrictDynamic = Ignoring “%1$S” within %2$S: ‘strict-dynamic’ specified
+# LOCALIZATION NOTE (ignoringStrictDynamic):
+# %1$S is the ignored src
+ignoringStrictDynamic = Ignoring source “%1$S” (Only supported within script-src).
+# LOCALIZATION NOTE (ignoringUnsafeEval):
+# %1$S is the csp directive (e.g. script-src-elem)
+# 'unsafe-eval' and 'wasm-unsafe-eval' should not be localized
+ignoringUnsafeEval = Ignoring ‘unsafe-eval’ or ‘wasm-unsafe-eval’ inside “%1$S”.
+# LOCALIZATION NOTE (strictDynamicButNoHashOrNonce):
+# %1$S is the csp directive that contains 'strict-dynamic'
+# 'strict-dynamic' should not be localized
+strictDynamicButNoHashOrNonce = Keyword ‘strict-dynamic’ within “%1$S” with no valid nonce or hash might block all scripts from loading
+# LOCALIZATION NOTE (reportURInotHttpsOrHttp2):
+# %1$S is the ETLD of the report URI that is not HTTP or HTTPS
+reportURInotHttpsOrHttp2 = The report URI (%1$S) should be an HTTP or HTTPS URI.
+# LOCALIZATION NOTE (reportURInotInReportOnlyHeader):
+# %1$S is the ETLD of the page with the policy
+reportURInotInReportOnlyHeader = This site (%1$S) has a Report-Only policy without a report URI. CSP will not block and cannot report violations of this policy.
+# LOCALIZATION NOTE (failedToParseUnrecognizedSource):
+# %1$S is the CSP Source that could not be parsed
+failedToParseUnrecognizedSource = Failed to parse unrecognised source %1$S
+# LOCALIZATION NOTE (upgradeInsecureRequest):
+# %1$S is the URL of the upgraded request; %2$S is the upgraded scheme.
+upgradeInsecureRequest = Upgrading insecure request '%1$S' to use '%2$S'
+# LOCALIZATION NOTE (ignoreSrcForDirective):
+ignoreSrcForDirective = Ignoring srcs for directive '%1$S'
+# LOCALIZATION NOTE (hostNameMightBeKeyword):
+# %1$S is the hostname in question and %2$S is the keyword
+hostNameMightBeKeyword = Interpreting %1$S as a hostname, not a keyword. If you intended this to be a keyword, use '%2$S' (wrapped in single quotes).
+# LOCALIZATION NOTE (notSupportingDirective):
+# directive is not supported (e.g. 'reflected-xss')
+notSupportingDirective = Not supporting directive '%1$S'. Directive and values will be ignored.
+# LOCALIZATION NOTE (blockAllMixedContent):
+# %1$S is the URL of the blocked resource load.
+blockAllMixedContent = Blocking insecure request '%1$S'.
+# LOCALIZATION NOTE (ignoringDirectiveWithNoValues):
+# %1$S is the name of a CSP directive that requires additional values
+ignoringDirectiveWithNoValues = Ignoring ‘%1$S‘ since it does not contain any parameters.
+# LOCALIZATION NOTE (ignoringReportOnlyDirective):
+# %1$S is the directive that is ignored in report-only mode.
+ignoringReportOnlyDirective = Ignoring sandbox directive when delivered in a report-only policy ‘%1$S’
+# LOCALIZATION NOTE (IgnoringSrcBecauseOfDirective):
+# %1$S is the name of the src that is ignored.
+# %2$S is the name of the directive that causes the src to be ignored.
+IgnoringSrcBecauseOfDirective=Ignoring ‘%1$S’ because of ‘%2$S’ directive.
+# LOCALIZATION NOTE (IgnoringSourceWithinDirective):
+# %1$S is the ignored src
+# %2$S is the directive which supports src
+IgnoringSourceWithinDirective = Ignoring source “%1$S” (Not supported within ‘%2$S’).
+# LOCALIZATION NOTE (IgnoringSourceWithinDirective):
+# %1$S is the ignored src
+obsoleteBlockAllMixedContent = Ignoring ‘%1$S’ because mixed content display upgrading makes block-all-mixed-content obsolete.
+
+
+# CSP Errors:
+# LOCALIZATION NOTE (couldntParseInvalidSource):
+# %1$S is the source that could not be parsed
+couldntParseInvalidSource = Couldn't parse invalid source %1$S
+# LOCALIZATION NOTE (couldntParseInvalidHost):
+# %1$S is the host that's invalid
+couldntParseInvalidHost = Couldn't parse invalid host %1$S
+# LOCALIZATION NOTE (couldntParsePort):
+# %1$S is the string source
+couldntParsePort = Couldn't parse port in %1$S
+# LOCALIZATION NOTE (duplicateDirective):
+# %1$S is the name of the duplicate directive
+duplicateDirective = Duplicate %1$S directives detected. All but the first instance will be ignored.
+# LOCALIZATION NOTE (couldntParseInvalidSandboxFlag):
+# %1$S is the option that could not be understood
+couldntParseInvalidSandboxFlag = Couldn’t parse invalid sandbox flag ‘%1$S’
+
+# LOCALIZATION NOTE (CSPMessagePrefix):
+# Do not translate "Content-Security-Policy", only handle spacing for the colon.
+# %S is a console message that is being prefixed here.
+CSPMessagePrefix = Content-Security-Policy: %S
diff --git a/l10n-en-GB/dom/chrome/security/security.properties b/l10n-en-GB/dom/chrome/security/security.properties
new file mode 100644
index 0000000000..0798ec2828
--- /dev/null
+++ b/l10n-en-GB/dom/chrome/security/security.properties
@@ -0,0 +1,167 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Mixed Content Blocker
+# LOCALIZATION NOTE: "%1$S" is the URI of the blocked mixed content resource
+BlockMixedDisplayContent = Blocked loading mixed display content "%1$S"
+BlockMixedActiveContent = Blocked loading mixed active content "%1$S"
+
+# CORS
+# LOCALIZATION NOTE: Do not translate "Access-Control-Allow-Origin", Access-Control-Allow-Credentials, Access-Control-Allow-Methods, Access-Control-Allow-Headers
+CORSDisabled=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS disabled).
+CORSDidNotSucceed2=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS request did not succeed). Status code: %2$S.
+CORSOriginHeaderNotAdded=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header ‘Origin’ cannot be added).
+CORSExternalRedirectNotAllowed=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS request external redirect not allowed).
+CORSRequestNotHttp=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS request not http).
+CORSMissingAllowOrigin2=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: %2$S.
+CORSMultipleAllowOriginNotAllowed=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: Multiple CORS header ‘Access-Control-Allow-Origin’ not allowed).
+CORSAllowOriginNotMatchingOrigin=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header 'Access-Control-Allow-Origin' does not match '%2$S').
+CORSNotSupportingCredentials=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at ‘%1$S’. (Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’).
+CORSMethodNotFound=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: Did not find method in CORS header 'Access-Control-Allow-Methods').
+CORSMissingAllowCredentials=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: expected 'true' in CORS header 'Access-Control-Allow-Credentials').
+CORSPreflightDidNotSucceed3=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS preflight response did not succeed). Status code: %2$S.
+CORSInvalidAllowMethod=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: invalid token '%2$S' in CORS header 'Access-Control-Allow-Methods').
+CORSInvalidAllowHeader=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: invalid token '%2$S' in CORS header 'Access-Control-Allow-Headers').
+CORSMissingAllowHeaderFromPreflight2=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: header ‘%2$S’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response).
+CORSAllowHeaderFromPreflightDeprecation=Cross-Origin Request Warning: The Same Origin Policy will disallow reading the remote resource at %1$S soon. (Reason: When the `Access-Control-Allow-Headers` is `*`, the `Authorization` header is not covered. To include the `Authorization` header, it must be explicitly listed in CORS header `Access-Control-Allow-Headers`).
+
+# LOCALIZATION NOTE: Do not translate "Strict-Transport-Security", "HSTS", "max-age" or "includeSubDomains"
+STSUnknownError=Strict-Transport-Security: An unknown error occurred processing the header specified by the site.
+STSCouldNotParseHeader=Strict-Transport-Security: The site specified a header that could not be parsed successfully.
+STSNoMaxAge=Strict-Transport-Security: The site specified a header that did not include a 'max-age' directive.
+STSMultipleMaxAges=Strict-Transport-Security: The site specified a header that included multiple 'max-age' directives.
+STSInvalidMaxAge=Strict-Transport-Security: The site specified a header that included an invalid 'max-age' directive.
+STSMultipleIncludeSubdomains=Strict-Transport-Security: The site specified a header that included multiple 'includeSubDomains' directives.
+STSInvalidIncludeSubdomains=Strict-Transport-Security: The site specified a header that included an invalid 'includeSubDomains' directive.
+STSCouldNotSaveState=Strict-Transport-Security: An error occurred noting the site as a Strict-Transport-Security host.
+
+InsecurePasswordsPresentOnPage=Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.
+InsecureFormActionPasswordsPresent=Password fields present in a form with an insecure (http://) form action. This is a security risk that allows user login credentials to be stolen.
+InsecurePasswordsPresentOnIframe=Password fields present on an insecure (http://) iframe. This is a security risk that allows user login credentials to be stolen.
+# LOCALIZATION NOTE: "%1$S" is the URI of the insecure mixed content resource
+LoadingMixedActiveContent2=Loading mixed (insecure) active content "%1$S" on a secure page
+LoadingMixedDisplayContent2=Loading mixed (insecure) display content "%1$S" on a secure page
+LoadingMixedDisplayObjectSubrequestDeprecation=Loading mixed (insecure) content “%1$S” within a plugin on a secure page is discouraged and will be blocked soon.
+# LOCALIZATION NOTE: "%S" is the URI of the insecure mixed content download
+MixedContentBlockedDownload = Blocked downloading insecure content “%S”.
+
+# LOCALIZATION NOTE: Do not translate "allow-scripts", "allow-same-origin", "sandbox" or "iframe"
+BothAllowScriptsAndSameOriginPresent=An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
+# LOCALIZATION NOTE: Do not translate "allow-top-navigation-by-user-activation", "allow-top-navigation", "sandbox" or "iframe"
+BothAllowTopNavigationAndUserActivationPresent=An iframe which has both allow-top-navigation and allow-top-navigation-by-user-activation for its sandbox attribute will permit top navigations.
+
+# Sub-Resource Integrity
+# LOCALIZATION NOTE: Do not translate "script" or "integrity". "%1$S" is the invalid token found in the attribute.
+MalformedIntegrityHash=The script element has a malformed hash in its integrity attribute: "%1$S". The correct format is "<hash algorithm>-<hash value>".
+# LOCALIZATION NOTE: Do not translate "integrity"
+InvalidIntegrityLength=The hash contained in the integrity attribute has the wrong length.
+# LOCALIZATION NOTE: Do not translate "integrity"
+InvalidIntegrityBase64=The hash contained in the integrity attribute could not be decoded.
+# LOCALIZATION NOTE: Do not translate "integrity". "%1$S" is the type of hash algorithm in use (e.g. "sha256"). "%2$S" is the value we saw.
+IntegrityMismatch2=None of the “%1$S” hashes in the integrity attribute match the content of the subresource. The computed hash is “%2$S”.
+# LOCALIZATION NOTE: "%1$S" is the URI of the sub-resource that cannot be protected using SRI.
+IneligibleResource="%1$S" is not eligible for integrity checks since it's neither CORS-enabled nor same-origin.
+# LOCALIZATION NOTE: Do not translate "integrity". "%1$S" is the invalid hash algorithm found in the attribute.
+UnsupportedHashAlg=Unsupported hash algorithm in the integrity attribute: "%1$S"
+# LOCALIZATION NOTE: Do not translate "integrity"
+NoValidMetadata=The integrity attribute does not contain any valid metadata.
+
+# LOCALIZATION NOTE: Do not translate "RC4".
+WeakCipherSuiteWarning=This site uses the cipher RC4 for encryption, which is deprecated and insecure.
+
+DeprecatedTLSVersion2=This site uses a deprecated version of TLS. Please upgrade to TLS 1.2 or 1.3.
+
+#XCTO: nosniff
+# LOCALIZATION NOTE: Do not translate "X-Content-Type-Options: nosniff".
+MimeTypeMismatch2=The resource from “%1$S” was blocked due to MIME type (“%2$S”) mismatch (X-Content-Type-Options: nosniff).
+# LOCALIZATION NOTE: Do not translate "X-Content-Type-Options" and also do not translate "nosniff".
+XCTOHeaderValueMissing=X-Content-Type-Options header warning: value was “%1$S”; did you mean to send “nosniff”?
+# LOCALIZATION NOTE: Do not translate "X-Content-Type-Options" and also do not translate "nosniff".
+XTCOWithMIMEValueMissing=The resource from “%1$S” was not rendered due to an unknown, incorrect or missing MIME type (X-Content-Type-Options: nosniff).
+
+BlockScriptWithWrongMimeType2=Script from “%1$S” was blocked because of a disallowed MIME type (“%2$S”).
+WarnScriptWithWrongMimeType=The script from “%1$S” was loaded even though its MIME type (“%2$S”) is not a valid JavaScript MIME type.
+# LOCALIZATION NOTE: Do not translate "importScripts()"
+BlockImportScriptsWithWrongMimeType=Loading script from “%1$S” with importScripts() was blocked because of a disallowed MIME type (“%2$S”).
+BlockWorkerWithWrongMimeType=Loading Worker from “%1$S” was blocked because of a disallowed MIME type (“%2$S”).
+BlockModuleWithWrongMimeType=Loading module from “%1$S” was blocked because of a disallowed MIME type (“%2$S”).
+
+# LOCALIZATION NOTE: Do not translate "data: URI".
+BlockTopLevelDataURINavigation=Navigation to toplevel data: URI not allowed (Blocked loading of: “%1$S”)
+BlockRedirectToDataURI=Redirecting to data: URI not allowed (Blocked loading of: “%1$S”)
+
+# LOCALIZATION NOTE: Do not translate "file: URI". “%1$S” is the whole URI of the loaded file. “%2$S” is the MIME type e.g. "text/plain".
+BlockFileScriptWithWrongMimeType=Loading script from file: URI (“%1$S”) was blocked because its MIME type (“%2$S”) is not a valid JavaScript MIME type.
+
+# LOCALIZATION NOTE: “%S” is the whole URI of the loaded file.
+BlockExtensionScriptWithWrongExt=Loading script with URI “%S” was blocked because the file extension is not allowed.
+
+RestrictBrowserEvalUsage=eval() and eval-like uses are not allowed in the Parent Process or in System Contexts (Blocked usage in “%1$S”)
+
+# LOCALIZATION NOTE (MixedContentAutoUpgrade):
+# %1$S is the URL of the upgraded request; %2$S is the upgraded scheme.
+MixedContentAutoUpgrade=Upgrading insecure display request ‘%1$S’ to use ‘%2$S’
+# LOCALIZATION NOTE (RunningClearSiteDataValue):
+# %S is the URI of the resource whose data was cleaned up
+RunningClearSiteDataValue=Clear-Site-Data header forced the clean up of “%S” data.
+UnknownClearSiteDataValue=Clear-Site-Data header found. Unknown value “%S”.
+
+# Reporting API
+ReportingHeaderInvalidJSON=Reporting Header: invalid JSON value received.
+ReportingHeaderInvalidNameItem=Reporting Header: invalid name for group.
+ReportingHeaderDuplicateGroup=Reporting Header: ignoring duplicated group named “%S”.
+ReportingHeaderInvalidItem=Reporting Header: ignoring invalid item named “%S”.
+ReportingHeaderInvalidEndpoint=Reporting Header: ignoring invalid endpoint for item named “%S”.
+# LOCALIZATION NOTE(ReportingHeaderInvalidURLEndpoint): %1$S is the invalid URL, %2$S is the group name
+ReportingHeaderInvalidURLEndpoint=Reporting Header: ignoring invalid endpoint URL “%1$S” for item named “%2$S”.
+
+FeaturePolicyUnsupportedFeatureName=Feature Policy: Skipping unsupported feature name “%S”.
+# TODO: would be nice to add a link to the Feature-Policy MDN documentation here. See bug 1449501
+FeaturePolicyInvalidEmptyAllowValue= Feature Policy: Skipping empty allow list for feature: “%S”.
+# TODO: would be nice to add a link to the Feature-Policy MDN documentation here. See bug 1449501
+FeaturePolicyInvalidAllowValue=Feature Policy: Skipping unsupported allow value “%S”.
+
+# LOCALIZATION NOTE: "%1$S" is the limitation length (bytes) of referrer URI, "%2$S" is the origin of the referrer URI.
+ReferrerLengthOverLimitation=HTTP Referrer header: Length is over “%1$S” bytes limit - stripping referrer header down to origin: “%2$S”
+# LOCALIZATION NOTE: "%1$S" is the limitation length (bytes) of referrer URI, "%2$S" is the origin of the referrer URI.
+ReferrerOriginLengthOverLimitation=HTTP Referrer header: Length of origin within referrer is over “%1$S” bytes limit - removing referrer with origin “%2$S”.
+
+# LOCALIZATION NOTE: Do not translate "no-referrer-when-downgrade", "origin-when-cross-origin" and "unsafe-url". %S is the URI of the loading channel.
+ReferrerPolicyDisallowRelaxingWarning=Referrer Policy: Less restricted policies, including ‘no-referrer-when-downgrade’, ‘origin-when-cross-origin’ and ‘unsafe-url’, will be ignored soon for the cross-site request: %S
+# LOCALIZATION NOTE: %1$S is the ignored referrer policy, %2$S is the URI of the loading channel.
+ReferrerPolicyDisallowRelaxingMessage=Referrer Policy: Ignoring the less restricted referrer policy “%1$S” for the cross-site request: %2$S
+
+# X-Frame-Options
+# LOCALIZATION NOTE(XFrameOptionsInvalid): %1$S is the header value, %2$S is frame URI. Do not translate "X-Frame-Options".
+XFrameOptionsInvalid = Invalid X-Frame-Options header was found when loading “%2$S”: “%1$S” is not a valid directive.
+# LOCALIZATION NOTE(XFrameOptionsDeny): %1$S is the header value, %2$S is frame URI and %3$S is the parent document URI. Do not translate "X-Frame-Options".
+XFrameOptionsDeny=The loading of “%2$S” in a frame is denied by “X-Frame-Options“ directive set to “%1$S“.
+
+# HTTPS-Only Mode
+# LOCALIZATION NOTE: %1$S is the URL of the upgraded request; %2$S is the upgraded scheme.
+HTTPSOnlyUpgradeRequest = Upgrading insecure request “%1$S” to use “%2$S”.
+# LOCALIZATION NOTE: %1$S is the URL of request.
+HTTPSOnlyNoUpgradeException = Not upgrading insecure request “%1$S” because it is exempt.
+# LOCALIZATION NOTE: %1$S is the URL of the failed request; %2$S is an error-code.
+HTTPSOnlyFailedRequest = Upgrading insecure request “%1$S” failed. (%2$S)
+# LOCALIZATION NOTE: %S is the URL of the failed request;
+HTTPSOnlyFailedDowngradeAgain = Upgrading insecure request “%S” failed. Downgrading to “http” again.
+# LOCALIZATION NOTE: Hints or indicates a new transaction for a URL is likely coming soon. We use
+# a speculative connection to start a TCP connection so that the resource is immediately ready
+# when the transaction is actually submitted. HTTPS-Only and HTTPS-First will upgrade such
+# speculative TCP connections from http to https.
+# %1$S is the URL of the upgraded speculative TCP connection; %2$S is the upgraded scheme.
+HTTPSOnlyUpgradeSpeculativeConnection = Upgrading insecure speculative TCP connection “%1$S” to use “%2$S”.
+
+HTTPSFirstSchemeless = Upgrading URL loaded in the address bar without explicit protocol scheme to use HTTPS.
+
+# LOCALIZATION NOTE: %S is the URL of the blocked request;
+IframeSandboxBlockedDownload = Download of “%S” was blocked because the triggering iframe has the sandbox flag set.
+
+# LOCALIZATION NOTE: %S is the URL of the blocked request;
+SandboxBlockedCustomProtocols = Blocked navigation to custom protocol “%S” from a sandboxed context.
+
+# Sanitizer API
+# LOCALIZATION NOTE: Please do not localize "DocumentFragment". It's the name of an API.
+SanitizerRcvdNoInput = Received empty or no input. Returning an empty DocumentFragment.