; License GNU General Public License version 2 or later; see LICENSE.txt
; Note : All ini files need to be saved as UTF-8
PLG_SYSTEM_HTTPHEADERS="System - HTTP Headers" ; Do not translate 'HTTP Headers'
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER="Force HTTP Headers" ; Do not translate 'HTTP Headers'
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_KEY="HTTP Header" ; Do not translate 'HTTP Header'
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_VALUE="HTTP Header Value" ; Do not translate 'HTTP Header'
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY="Content Security Policy (CSP)" ; Do not translate
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_CLIENT="Client"
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_FRAME_ANCESTORS_SELF_ENABLED="frame-ancestors 'self'" ; Do not translate
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_FRAME_ANCESTORS_SELF_ENABLED_DESC="Enable the CSP clickjacking protection frame-ancestors and only allow the origin 'self'. Please use the form below to allow origins other than 'self'."
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_NONCE_ENABLED="Nonce" ; Please only change the URL
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_NONCE_ENABLED_DESC="Enable the whitelist for specific inline scripts using a cryptographic nonce (number used once) for all scripts and styles using the Joomla API. Specifying a nonce makes a modern browser ignore 'unsafe-inline' which should still be set for older browsers without nonce support."
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_REPORT_ONLY_DESC="Use the header 'Content-Security-Policy-Report-Only' instead of 'Content-Security-Policy'." ; Do not translate 'Content-Security-Policy' & 'Content-Security-Policy-Report-Only'
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_REPORT_ONLY="Report-Only" ; Do not translate
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_STRICT_DYNAMIC_ENABLED="strict-dynamic" ; Do not translate
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_STRICT_DYNAMIC_ENABLED_DESC="The strict-dynamic source expression specifies that the trust explicitly given to a script present in the markup, by accompanying it with a nonce or a hash, shall be propagated to all the scripts loaded by that root script. At the same time, any allowed or source expressions such as 'self' or 'unsafe-inline' will be ignored." ; Do not translate 'strict-dynamic', 'self' and 'unsafe-inline'
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_SCRIPT_HASHES_ENABLED="Script hashes" ; Please only change the URL
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_SCRIPT_HASHES_ENABLED_DESC="Enable the optional hash based whitelist inline scripts using a cryptographic hash for all scripts using the Joomla API. Specifying hashes makes a modern browser ignore 'unsafe-inline' which should still be set for older browsers without hash support."
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_STYLE_HASHES_ENABLED="Style hashes" ; Please only change the URL
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_STYLE_HASHES_ENABLED_DESC="Enable the optional hash based whitelist inline styles using a cryptographic hash for all styles using the Joomla API. Specifying hashes makes a modern browser ignore 'unsafe-inline' which should still be set for older browsers without hash support."
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_VALUES="Add Directive"
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_VALUES_DIRECTIVE="Policy Directive"
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_VALUES_VALUE="Value"
PLG_SYSTEM_HTTPHEADERS_COOP="Cross-Origin-Opener-Policy" ; Do not translate
PLG_SYSTEM_HTTPHEADERS_HEADER_CLIENT="Client"
PLG_SYSTEM_HTTPHEADERS_HEADER_CLIENT_BOTH="Both"
PLG_SYSTEM_HTTPHEADERS_HSTS="HTTP Strict Transport Security (HSTS)" ; Do not translate
PLG_SYSTEM_HTTPHEADERS_HSTS_MAXAGE="max-age" ; Do not translate
PLG_SYSTEM_HTTPHEADERS_HSTS_MAXAGE_DESC="This option sets the time for 'max-age', it is specified in seconds. The default value is 31536000, which corresponds to one year" ; Please do not translate 'max-age'
PLG_SYSTEM_HTTPHEADERS_HSTS_PRELOAD="Preload" ; Do not translate
PLG_SYSTEM_HTTPHEADERS_HSTS_PRELOAD_DESC="This option activates the opt-in for inclusion in so-called browser preload lists."
PLG_SYSTEM_HTTPHEADERS_HSTS_PRELOAD_NOTE="Important"
PLG_SYSTEM_HTTPHEADERS_HSTS_PRELOAD_NOTE_DESC="HSTS means that your domain can no longer be called without HTTPS. Once added to the preload list, this is not easy to undo. Domains can be removed, but it takes months for users to make a change with a browser update.
This option is very important to prevent 'man-in-the-middle attacks', so it should be activated in any case, but only if you are sure that HTTPS is supported for domain and all subdomains in the long run! The value for 'max-age' must be set to 63072000 (2 years) for recording." ; Please do not translate 'max-age'
PLG_SYSTEM_HTTPHEADERS_HSTS_SUBDOMAINS="Also for subdomains"
PLG_SYSTEM_HTTPHEADERS_HSTS_SUBDOMAINS_DESC="HSTS should also be enabled for subdomains usually the subdomain 'www' is taken into account when creating the SSL certificate. If further subdomains are used, please note that they are also provided with a valid SSL certificate."
PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_ACTION="Enable default security headers"
PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_BODY="Joomla! comes with a built-in set of tools that help you to handle http security headers. These headers help your browser for example to protect your website from XSS and Clickjacking attacks.
You can find more details in the HTTP Header Management Tutorial in the Joomla! Documentation.
"
PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_TITLE="HTTP Security Headers"
PLG_SYSTEM_HTTPHEADERS_REFERRERPOLICY="Referrer-Policy" ; Do not translate
PLG_SYSTEM_HTTPHEADERS_XFRAMEOPTIONS="X-Frame-Options" ; Do not translate
PLG_SYSTEM_HTTPHEADERS_XML_DESCRIPTION="This Plugin helps you to set the HTTP Security Headers" ; Please do not translate 'HTTP Security Headers'