$S from being executed because it violates the following directive: “%1$S”
CSPGenericViolation = The page’s settings blocked the loading of a resource (%3$S) at %2$S because it violates the following directive: “%1$S”
CSPROGenericViolation = (Report-Only policy) The page’s settings would block the loading of a resource (%3$S) at %2$S because it violates the following directive: “%1$S”

triedToSendReport = Tried to send report to invalid URI: “%1$S”
tooManyReports = Prevented too many CSP reports from being sent within a short period of time.
couldNotParseReportURI = couldn’t parse report URI: %1$S
couldNotProcessUnknownDirective = Couldn’t process unknown directive ‘%1$S’
ignoringUnknownOption = Ignoring unknown option %1$S
ignoringDuplicateSrc = Ignoring duplicate source %1$S
ignoringInvalidToken = Ignoring directive ‘%1$S’ because the token contains invalid characters ‘%2$S’
ignoringSrcFromMetaCSP = Ignoring source ‘%1$S’ (Not supported when delivered via meta element).
ignoringSrcWithinNonceOrHashDirective = Ignoring “%1$S” within %2$S: nonce-source or hash-source specified
ignoringScriptSrcForStrictDynamic = Ignoring “%1$S” within %2$S: ‘strict-dynamic’ specified
ignoringStrictDynamic = Ignoring source “%1$S” (Only supported within script-src).
ignoringUnsafeEval = Ignoring ‘unsafe-eval’ or ‘wasm-unsafe-eval’ inside “%1$S”.
strictDynamicButNoHashOrNonce = Keyword ‘strict-dynamic’ within “%1$S” with no valid nonce or hash might block all scripts from loading
reportURInotHttpsOrHttp2 = The report URI (%1$S) should be an HTTP or HTTPS URI.
reportURINorReportToNotInReportOnlyHeader = This site (%1$S) has a Report-Only policy without a report-uri directive nor a report-to directive. CSP will not block and cannot report violations of this policy.
failedToParseUnrecognizedSource = Failed to parse unrecognized source %1$S
upgradeInsecureRequest = Upgrading insecure request ‘%1$S’ to use ‘%2$S’
ignoreSrcForDirective = Ignoring srcs for directive ‘%1$S’
hostNameMightBeKeyword = Interpreting %1$S as a hostname, not a keyword. If you intended this to be a keyword, use ‘%2$S’ (wrapped in single quotes).
notSupportingDirective = Not supporting directive ‘%1$S’. Directive and values will be ignored.
blockAllMixedContent = Blocking insecure request ‘%1$S’.
ignoringDirectiveWithNoValues = Ignoring ‘%1$S’ since it does not contain any parameters.
ignoringInvalidGroupSyntax = Ignoring report-to directive group ‘%1$S’ with invalid token ‘%2$S’.
ignoringReportOnlyDirective = Ignoring sandbox directive when delivered in a report-only policy ‘%1$S’
IgnoringSrcBecauseOfDirective=Ignoring ‘%1$S’ because of ‘%2$S’ directive.
IgnoringSourceWithinDirective = Ignoring source “%1$S” (Not supported within ‘%2$S’).
obsoleteBlockAllMixedContent = Ignoring ‘%1$S’ because mixed content display upgrading makes block-all-mixed-content obsolete.


couldntParseInvalidSource = Couldn’t parse invalid source %1$S
couldntParseInvalidHost = Couldn’t parse invalid host %1$S
couldntParsePort = Couldn’t parse port in %1$S
duplicateDirective = Duplicate %1$S directives detected.  All but the first instance will be ignored.
couldntParseInvalidSandboxFlag = Couldn’t parse invalid sandbox flag ‘%1$S’
invalidNumberOfTrustedTypesForDirectiveValues = Received an invalid number of tokens for the ‘require-trusted-types-for‘ directive: %1$S; expected 1
invalidRequireTrustedTypesForDirectiveValue = Received an invalid token for the ‘require-trusted-types-for‘ directive: %1$S; expected ‘script‘
invalidTrustedTypesExpression = Received an invalid token for the ‘trusted-types‘ directive: %1$S

CSPMessagePrefix = Content-Security-Policy: %S
PK