ol-Allow-Headers’ from CORS preflight response). CORSAllowHeaderFromPreflightDeprecation=Cross-Origin Request Warning: The Same Origin Policy will disallow reading the remote resource at %1$S soon. (Reason: When the `Access-Control-Allow-Headers` is `*`, the `Authorization` header is not covered. To include the `Authorization` header, it must be explicitly listed in CORS header `Access-Control-Allow-Headers`). STSUnknownError=Strict-Transport-Security: An unknown error occurred processing the header specified by the site. STSCouldNotParseHeader=Strict-Transport-Security: The site specified a header that could not be parsed successfully. STSNoMaxAge=Strict-Transport-Security: The site specified a header that did not include a ‘max-age’ directive. STSMultipleMaxAges=Strict-Transport-Security: The site specified a header that included multiple ‘max-age’ directives. STSInvalidMaxAge=Strict-Transport-Security: The site specified a header that included an invalid ‘max-age’ directive. STSMultipleIncludeSubdomains=Strict-Transport-Security: The site specified a header that included multiple ‘includeSubDomains’ directives. STSInvalidIncludeSubdomains=Strict-Transport-Security: The site specified a header that included an invalid ‘includeSubDomains’ directive. STSCouldNotSaveState=Strict-Transport-Security: An error occurred noting the site as a Strict-Transport-Security host. InsecurePasswordsPresentOnPage=Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen. InsecureFormActionPasswordsPresent=Password fields present in a form with an insecure (http://) form action. This is a security risk that allows user login credentials to be stolen. InsecurePasswordsPresentOnIframe=Password fields present on an insecure (http://) iframe. This is a security risk that allows user login credentials to be stolen. LoadingMixedActiveContent2=Loading mixed (insecure) active content “%1$S” on a secure page LoadingMixedDisplayContent2=Loading mixed (insecure) display content “%1$S” on a secure page MixedContentBlockedDownload = Blocked downloading insecure content “%S”. BothAllowScriptsAndSameOriginPresent=An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing. BothAllowTopNavigationAndUserActivationPresent=An iframe which has both allow-top-navigation and allow-top-navigation-by-user-activation for its sandbox attribute will permit top navigations. MalformedIntegrityHash=The script element has a malformed hash in its integrity attribute: “%1$S”. The correct format is “-”. InvalidIntegrityLength=The hash contained in the integrity attribute has the wrong length. InvalidIntegrityBase64=The hash contained in the integrity attribute could not be decoded. IntegrityMismatch3=None of the “%1$S” hashes in the integrity attribute match the content of the subresource at “%2$S”. The computed hash is “%3$S”. IneligibleResource=“%1$S” is not eligible for integrity checks since it’s neither CORS-enabled nor same-origin. UnsupportedHashAlg=Unsupported hash algorithm in the integrity attribute: “%1$S” NoValidMetadata=The integrity attribute does not contain any valid metadata. WeakCipherSuiteWarning=This site uses the cipher RC4 for encryption, which is deprecated and insecure. DeprecatedTLSVersion2=This site uses a deprecated version of TLS. Please upgrade to TLS 1.2 or 1.3. MimeTypeMismatch2=The resource from “%1$S” was blocked due to MIME type (“%2$S”) mismatch (X-Content-Type-Options: nosniff). XCTOHeaderValueMissing=X-Content-Type-Options header warning: value was “%1$S”; did you mean to send “nosniff”? XTCOWithMIMEValueMissing=The resource from “%1$S” was not rendered due to an unknown, incorrect or missing MIME type (X-Content-Type-Options: nosniff). BlockScriptWithWrongMimeType2=Script from “%1$S” was blocked because of a disallowed MIME type (“%2$S”). WarnScriptWithWrongMimeType=The script from “%1$S” was loaded even though its MIME type (“%2$S”) is not a valid JavaScript MIME type. BlockImportScriptsWithWrongMimeType=Loading script from “%1$S” with importScripts() was blocked because of a disallowed MIME type (“%2$S”). BlockWorkerWithWrongMimeType=Loading Worker from “%1$S” was blocked because of a disallowed MIME type (“%2$S”). BlockModuleWithWrongMimeType=Loading module from “%1$S” was blocked because of a disallowed MIME type (“%2$S”). BlockJsonModuleWithWrongMimeType=Loading JSON module from “%1$S” was blocked because of a disallowed MIME type (“%2$S”). BlockTopLevelDataURINavigation=Navigation to toplevel data: URI not allowed (Blocked loading of: “%1$S”) BlockRedirectToDataURI=Redirecting to data: URI not allowed (Blocked loading of: “%1$S”) BlockFileScriptWithWrongMimeType=Loading script from file: URI (“%1$S”) was blocked because its MIME type (“%2$S”) is not a valid JavaScript MIME type. BlockExtensionScriptWithWrongExt=Loading script with URI “%S” was blocked because the file extension is not allowed. RestrictBrowserEvalUsage=eval() and eval-like uses are not allowed in the Parent Process or in System Contexts (Blocked usage in “%1$S”) MixedContentAutoUpgrade=Upgrading insecure display request ‘%1$S’ to use ‘%2$S’ RunningClearSiteDataValue=Clear-Site-Data header forced the clean up of “%S” data. UnknownClearSiteDataValue=Clear-Site-Data header found. Unknown value “%S”. ReportingHeaderInvalidJSON=Reporting Header: invalid JSON value received. ReportingHeaderInvalidNameItem=Reporting Header: invalid name for group. ReportingHeaderDuplicateGroup=Reporting Header: ignoring duplicated group named “%S”. ReportingHeaderInvalidItem=Reporting Header: ignoring invalid item named “%S”. ReportingHeaderInvalidEndpoint=Reporting Header: ignoring invalid endpoint for item named “%S”. ReportingHeaderInvalidURLEndpoint=Reporting Header: ignoring invalid endpoint URL “%1$S” for item named “%2$S”. FeaturePolicyUnsupportedFeatureName=Feature Policy: Skipping unsupported feature name “%S”. FeaturePolicyInvalidEmptyAllowValue= Feature Policy: Skipping empty allow list for feature: “%S”. FeaturePolicyInvalidAllowValue=Feature Policy: Skipping unsupported allow value “%S”. ReferrerLengthOverLimitation=HTTP Referrer header: Length is over “%1$S” bytes limit - stripping referrer header down to origin: “%2$S” ReferrerOriginLengthOverLimitation=HTTP Referrer header: Length of origin within referrer is over “%1$S” bytes limit - removing referrer with origin “%2$S”. ReferrerPolicyDisallowRelaxingWarning=Referrer Policy: Less restricted policies, including ‘no-referrer-when-downgrade’, ‘origin-when-cross-origin’ and ‘unsafe-url’, will be ignored soon for the cross-site request: %S ReferrerPolicyDisallowRelaxingMessage=Referrer Policy: Ignoring the less restricted referrer policy “%1$S” for the cross-site request: %2$S XFrameOptionsInvalid = Invalid X-Frame-Options header was found when loading “%2$S”: “%1$S” is not a valid directive. XFrameOptionsDeny=The loading of “%2$S” in a frame is denied by “X-Frame-Options“ directive set to “%1$S“. HTTPSOnlyUpgradeRequest = Upgrading insecure request “%1$S” to use “%2$S”. HTTPSOnlyNoUpgradeException = Not upgrading insecure request “%1$S” because it is exempt. HTTPSOnlyFailedRequest = Upgrading insecure request “%1$S” failed. (%2$S) HTTPSOnlyFailedDowngradeAgain = Upgrading insecure request “%S” failed. Downgrading to “http” again. HTTPSOnlyUpgradeSpeculativeConnection = Upgrading insecure speculative TCP connection “%1$S” to use “%2$S”. HTTPSFirstSchemeless = Upgrading URL loaded in the address bar without explicit protocol scheme to use HTTPS. HTTPSFirstAddingException = Adding exception to temporarily prevent further attempts to automatically load “http://%S” securely. IframeSandboxBlockedDownload = Download of “%S” was blocked because the triggering iframe has the sandbox flag set. SandboxBlockedCustomProtocols = Blocked navigation to custom protocol “%S” from a sandboxed context. SanitizerAllowElementIgnored2 = Sanitizer: Calling allowElement() with “attributes” or non-empty “removeAttributes” was ignored because of the global “removeElements” list. IntegrityPolicyEnforceBlockedScript = The page’s settings blocked a script at %S from being loaded because it is missing integrity metadata. IntegrityPolicyReportOnlyBlockedScript = (Report-Only policy) The page’s settings would block a script at %S from being loaded because it is missing integrity metadata. IntegrityPolicyEnforceBlockedStylesheet = The page’s settings blocked a stylesheet at %S from being loaded because it is missing integrity metadata. IntegrityPolicyReportOnlyBlockedStylesheet = (Report-Only policy) The page’s settings would block a stylesheet at %S from being loaded because it is missing integrity metadata. PK