Add m-esr52 at 52.6.0

3 files changed, 311 insertions, 0 deletions

diff --git a/dom/locales/en-US/chrome/security/caps.properties b/dom/locales/en-US/chrome/security/caps.properties
new file mode 100644
index 000000000..22b1f963e
--- /dev/null
+++ b/dom/locales/en-US/chrome/security/caps.properties
@@ -0,0 +1,112 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CheckLoadURIError = Security Error: Content at %S may not load or link to %S.
+CheckSameOriginError = Security Error: Content at %S may not load data from %S.
+ExternalDataError = Security Error: Content at %S attempted to load %S, but may not load external data when being used as an image. 
+
+# LOCALIZATION NOTE (GetPropertyDeniedOrigins):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the type of object it was.
+# %3$S is the property of that object that access was denied for.
+# %4$S is the origin of the object access was denied to.
+GetPropertyDeniedOrigins = Permission denied for <%1$S> to get property %2$S.%3$S from <%4$S>.
+# LOCALIZATION NOTE (GetPropertyDeniedOriginsSubjectDomain):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the type of object it was.
+# %3$S is the property of that object that access was denied for.
+# %4$S is the origin of the object access was denied to.
+# %5$S is the value of document.domain for the script which was denied access;
+#      don't translate "document.domain".
+GetPropertyDeniedOriginsSubjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to get property %2$S.%3$S from <%4$S> (document.domain has not been set).
+# LOCALIZATION NOTE (GetPropertyDeniedOriginsObjectDomain):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the type of object it was.
+# %3$S is the property of that object that access was denied for.
+# %4$S is the origin of the object access was denied to.
+# %5$S is the value of document.domain for the object being accessed;
+#      don't translate "document.domain".
+GetPropertyDeniedOriginsObjectDomain = Permission denied for <%1$S> (document.domain has not been set) to get property %2$S.%3$S from <%4$S> (document.domain=<%5$S>).
+# LOCALIZATION NOTE (GetPropertyDeniedOriginsSubjectDomainObjectDomain):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the type of object it was.
+# %3$S is the property of that object that access was denied for.
+# %4$S is the origin of the object access was denied to.
+# %5$S is the value of document.domain for the script which was denied access;
+#      don't translate "document.domain"
+# %6$S is the value of document.domain for the object being accessed;
+#      don't translate "document.domain".
+GetPropertyDeniedOriginsSubjectDomainObjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to get property %2$S.%3$S from <%4$S> (document.domain=<%6$S>).
+
+# LOCALIZATION NOTE (SetPropertyDeniedOrigins):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the type of object it was.
+# %3$S is the property of that object that access was denied for.
+# %4$S is the origin of the object access was denied to.
+SetPropertyDeniedOrigins = Permission denied for <%1$S> to set property %2$S.%3$S on <%4$S>.
+# LOCALIZATION NOTE (SetPropertyDeniedOriginsSubjectDomain):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the type of object it was.
+# %3$S is the property of that object that access was denied for.
+# %4$S is the origin of the object access was denied to.
+# %5$S is the value of document.domain for the script which was denied access;
+#      don't translate "document.domain".
+SetPropertyDeniedOriginsSubjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to set property %2$S.%3$S on <%4$S> (document.domain has not been set).
+# LOCALIZATION NOTE (SetPropertyDeniedOriginsObjectDomain):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the type of object it was.
+# %3$S is the property of that object that access was denied for.
+# %4$S is the origin of the object access was denied to.
+# %5$S is the value of document.domain for the object being accessed;
+#      don't translate "document.domain".
+SetPropertyDeniedOriginsObjectDomain = Permission denied for <%1$S> (document.domain has not been set) to set property %2$S.%3$S on <%4$S> (document.domain=<%5$S>).
+# LOCALIZATION NOTE (SetPropertyDeniedOriginsSubjectDomainObjectDomain):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the type of object it was.
+# %3$S is the property of that object that access was denied for.
+# %4$S is the origin of the object access was denied to.
+# %5$S is the value of document.domain for the script which was denied access;
+#      don't translate "document.domain"
+# %6$S is the value of document.domain for the object being accessed;
+#      don't translate "document.domain".
+SetPropertyDeniedOriginsSubjectDomainObjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to set property %2$S.%3$S on <%4$S> (document.domain=<%6$S>).
+
+# LOCALIZATION NOTE (CallMethodDeniedOrigins):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the type of object it was.
+# %3$S is the method of that object that access was denied for.
+# %4$S is the origin of the object access was denied to.
+CallMethodDeniedOrigins = Permission denied for <%1$S> to call method %2$S.%3$S on <%4$S>.
+# LOCALIZATION NOTE (CallMethodDeniedOriginsSubjectDomain):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the type of object it was.
+# %3$S is the method of that object that access was denied for.
+# %4$S is the origin of the object access was denied to.
+# %5$S is the value of document.domain for the script which was denied access;
+#      don't translate "document.domain".
+CallMethodDeniedOriginsSubjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to call method %2$S.%3$S on <%4$S> (document.domain has not been set).
+# LOCALIZATION NOTE (CallMethodDeniedOriginsObjectDomain):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the type of object it was.
+# %3$S is the method of that object that access was denied for.
+# %4$S is the origin of the object access was denied to.
+# %5$S is the value of document.domain for the object being accessed;
+#      don't translate "document.domain".
+CallMethodDeniedOriginsObjectDomain = Permission denied for <%1$S> (document.domain has not been set) to call method %2$S.%3$S on <%4$S> (document.domain=<%5$S>).
+# LOCALIZATION NOTE (CallMethodDeniedOriginsSubjectDomainObjectDomain):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the type of object it was.
+# %3$S is the method of that object that access was denied for.
+# %4$S is the origin of the object access was denied to.
+# %5$S is the value of document.domain for the script which was denied access;
+#      don't translate "document.domain"
+# %6$S is the value of document.domain for the object being accessed;
+#      don't translate "document.domain".
+CallMethodDeniedOriginsSubjectDomainObjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to call method %2$S.%3$S on <%4$S> (document.domain=<%6$S>).
+
+GetPropertyDeniedOriginsOnlySubject = Permission denied for <%S> to get property %S.%S
+SetPropertyDeniedOriginsOnlySubject = Permission denied for <%S> to set property %S.%S
+CallMethodDeniedOriginsOnlySubject = Permission denied for <%S> to call method %S.%S
+CreateWrapperDenied = Permission denied to create wrapper for object of class %S
+CreateWrapperDeniedForOrigin = Permission denied for <%2$S> to create wrapper for object of class %1$S
+ProtocolFlagError = Warning: Protocol handler for ‘%S’ doesn’t advertise a security policy.  While loading of such protocols is allowed for now, this is deprecated.  Please see the documentation in nsIProtocolHandler.idl.
diff --git a/dom/locales/en-US/chrome/security/csp.properties b/dom/locales/en-US/chrome/security/csp.properties
new file mode 100644
index 000000000..fc7fc04ba
--- /dev/null
+++ b/dom/locales/en-US/chrome/security/csp.properties
@@ -0,0 +1,116 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# CSP Warnings:
+# LOCALIZATION NOTE (CSPViolation):
+# %1$S is the reason why the resource has not been loaded.
+CSPViolation = The page’s settings blocked the loading of a resource: %1$S
+# LOCALIZATION NOTE (CSPViolationWithURI):
+# %1$S is the directive that has been violated.
+# %2$S is the URI of the resource which violated the directive.
+CSPViolationWithURI = The page’s settings blocked the loading of a resource at %2$S (“%1$S”).
+# LOCALIZATION NOTE (CSPROViolation):
+# %1$S is the reason why the resource has not been loaded.
+CSPROViolation = A violation occurred for a report-only CSP policy (“%1$S”). The behavior was allowed, and a CSP report was sent.
+# LOCALIZATION NOTE (CSPROViolationWithURI):
+# %1$S is the directive that has been violated.
+# %2$S is the URI of the resource which violated the directive.
+CSPROViolationWithURI = The page’s settings observed the loading of a resource at %2$S (“%1$S”). A CSP report is being sent.
+# LOCALIZATION NOTE (triedToSendReport):
+# %1$S is the URI we attempted to send a report to.
+triedToSendReport = Tried to send report to invalid URI: “%1$S”
+# LOCALIZATION NOTE (couldNotParseReportURI):
+# %1$S is the report URI that could not be parsed
+couldNotParseReportURI = couldn’t parse report URI: %1$S
+# LOCALIZATION NOTE (couldNotProcessUnknownDirective):
+# %1$S is the unknown directive
+couldNotProcessUnknownDirective = Couldn’t process unknown directive ‘%1$S’
+# LOCALIZATION NOTE (ignoringUnknownOption):
+# %1$S is the option that could not be understood
+ignoringUnknownOption = Ignoring unknown option %1$S
+# LOCALIZATION NOTE (ignoringDuplicateSrc):
+# %1$S defines the duplicate src
+ignoringDuplicateSrc = Ignoring duplicate source %1$S
+# LOCALIZATION NOTE (ignoringSrcFromMetaCSP):
+# %1$S defines the ignored src
+ignoringSrcFromMetaCSP = Ignoring source ‘%1$S’ (Not supported when delivered via meta element).
+# LOCALIZATION NOTE (ignoringSrcWithinScriptStyleSrc):
+# %1$S is the ignored src
+# script-src and style-src are directive names and should not be localized
+ignoringSrcWithinScriptStyleSrc = Ignoring “%1$S” within script-src or style-src: nonce-source or hash-source specified
+# LOCALIZATION NOTE (ignoringSrcForStrictDynamic):
+# %1$S is the ignored src
+# script-src, as well as 'strict-dynamic' should not be localized
+ignoringSrcForStrictDynamic = Ignoring “%1$S” within script-src: ‘strict-dynamic’ specified
+# LOCALIZATION NOTE (ignoringStrictDynamic):
+# %1$S is the ignored src
+ignoringStrictDynamic = Ignoring source “%1$S” (Only supported within script-src). 
+# LOCALIZATION NOTE (strictDynamicButNoHashOrNonce):
+# %1$S is the csp directive that contains 'strict-dynamic'
+# 'strict-dynamic' should not be localized
+strictDynamicButNoHashOrNonce = Keyword ‘strict-dynamic’ within “%1$S” with no valid nonce or hash might block all scripts from loading
+# LOCALIZATION NOTE (reportURInotHttpsOrHttp2):
+# %1$S is the ETLD of the report URI that is not HTTP or HTTPS
+reportURInotHttpsOrHttp2 = The report URI (%1$S) should be an HTTP or HTTPS URI.
+# LOCALIZATION NOTE (reportURInotInReportOnlyHeader):
+# %1$S is the ETLD of the page with the policy
+reportURInotInReportOnlyHeader = This site (%1$S) has a Report-Only policy without a report URI. CSP will not block and cannot report violations of this policy.
+# LOCALIZATION NOTE (failedToParseUnrecognizedSource):
+# %1$S is the CSP Source that could not be parsed
+failedToParseUnrecognizedSource = Failed to parse unrecognized source %1$S
+# LOCALIZATION NOTE (inlineScriptBlocked):
+# inline script refers to JavaScript code that is embedded into the HTML document.
+inlineScriptBlocked = An attempt to execute inline scripts has been blocked
+# LOCALIZATION NOTE (inlineStyleBlocked):
+# inline style refers to CSS code that is embedded into the HTML document.
+inlineStyleBlocked = An attempt to apply inline style sheets has been blocked
+# LOCALIZATION NOTE (scriptFromStringBlocked):
+# eval is a name and should not be localized.
+scriptFromStringBlocked = An attempt to call JavaScript from a string (by calling a function like eval) has been blocked
+# LOCALIZATION NOTE (upgradeInsecureRequest):
+# %1$S is the URL of the upgraded request; %2$S is the upgraded scheme.
+upgradeInsecureRequest = Upgrading insecure request ‘%1$S’ to use ‘%2$S’
+# LOCALIZATION NOTE (ignoreSrcForDirective):
+ignoreSrcForDirective = Ignoring srcs for directive ‘%1$S’
+# LOCALIZATION NOTE (hostNameMightBeKeyword):
+# %1$S is the hostname in question and %2$S is the keyword
+hostNameMightBeKeyword = Interpreting %1$S as a hostname, not a keyword. If you intended this to be a keyword, use ‘%2$S’ (wrapped in single quotes).
+# LOCALIZATION NOTE (notSupportingDirective):
+# directive is not supported (e.g. 'reflected-xss')
+notSupportingDirective = Not supporting directive ‘%1$S’. Directive and values will be ignored.
+# LOCALIZATION NOTE (blockAllMixedContent):
+# %1$S is the URL of the blocked resource load.
+blockAllMixedContent = Blocking insecure request ‘%1$S’.
+# LOCALIZATION NOTE (ignoringDirectiveWithNoValues):
+# %1$S is the name of a CSP directive that requires additional values (e.g., 'require-sri-for')
+ignoringDirectiveWithNoValues = Ignoring ‘%1$S’ since it does not contain any parameters.
+# LOCALIZATION NOTE (ignoringReportOnlyDirective):
+# %1$S is the directive that is ignored in report-only mode.
+ignoringReportOnlyDirective = Ignoring sandbox directive when delivered in a report-only policy ‘%1$S’
+# LOCALIZATION NOTE (deprecatedReferrerDirective):
+# %1$S is the value of the deprecated Referrer Directive.
+deprecatedReferrerDirective = Referrer Directive ‘%1$S’ has been deprecated. Please use the Referrer-Policy header instead.
+
+# CSP Errors:
+# LOCALIZATION NOTE (couldntParseInvalidSource):
+# %1$S is the source that could not be parsed
+couldntParseInvalidSource = Couldn’t parse invalid source %1$S
+# LOCALIZATION NOTE (couldntParseInvalidHost):
+# %1$S is the host that's invalid
+couldntParseInvalidHost = Couldn’t parse invalid host %1$S
+# LOCALIZATION NOTE (couldntParseScheme):
+# %1$S is the string source
+couldntParseScheme = Couldn’t parse scheme in %1$S
+# LOCALIZATION NOTE (couldntParsePort):
+# %1$S is the string source
+couldntParsePort = Couldn’t parse port in %1$S
+# LOCALIZATION NOTE (duplicateDirective):
+# %1$S is the name of the duplicate directive
+duplicateDirective = Duplicate %1$S directives detected.  All but the first instance will be ignored.
+# LOCALIZATION NOTE (deprecatedDirective):
+# %1$S is the name of the deprecated directive, %2$S is the name of the replacement.
+deprecatedDirective = Directive ‘%1$S’ has been deprecated. Please use directive ‘%2$S’ instead.
+# LOCALIZATION NOTE (couldntParseInvalidSandboxFlag):
+# %1$S is the option that could not be understood
+couldntParseInvalidSandboxFlag = Couldn’t parse invalid sandbox flag ‘%1$S’
diff --git a/dom/locales/en-US/chrome/security/security.properties b/dom/locales/en-US/chrome/security/security.properties
new file mode 100644
index 000000000..8b66cc265
--- /dev/null
+++ b/dom/locales/en-US/chrome/security/security.properties
@@ -0,0 +1,83 @@
+# Mixed Content Blocker
+# LOCALIZATION NOTE: "%1$S" is the URI of the blocked mixed content resource
+BlockMixedDisplayContent = Blocked loading mixed display content “%1$S”
+BlockMixedActiveContent = Blocked loading mixed active content “%1$S”
+
+# CORS
+# LOCALIZATION NOTE: Do not translate "Access-Control-Allow-Origin", Access-Control-Allow-Credentials, Access-Control-Allow-Methods, Access-Control-Allow-Headers
+CORSDisabled=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS disabled).
+CORSRequestNotHttp=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS request not http).
+CORSMissingAllowOrigin=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
+CORSAllowOriginNotMatchingOrigin=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘%2$S’).
+CORSNotSupportingCredentials=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at ‘%1$S’. (Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’).
+CORSMethodNotFound=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: Did not find method in CORS header ‘Access-Control-Allow-Methods’).
+CORSMissingAllowCredentials=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: expected ‘true’ in CORS header ‘Access-Control-Allow-Credentials’).
+CORSPreflightDidNotSucceed=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS preflight channel did not succeed).
+CORSInvalidAllowMethod=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: invalid token ‘%2$S’ in CORS header ‘Access-Control-Allow-Methods’).
+CORSInvalidAllowHeader=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: invalid token ‘%2$S’ in CORS header ‘Access-Control-Allow-Headers’).
+CORSMissingAllowHeaderFromPreflight=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: missing token ‘%2$S’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel).
+
+# LOCALIZATION NOTE: Do not translate "Strict-Transport-Security", "HSTS", "max-age" or "includeSubDomains"
+STSUnknownError=Strict-Transport-Security: An unknown error occurred processing the header specified by the site.
+STSUntrustworthyConnection=Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored.
+STSCouldNotParseHeader=Strict-Transport-Security: The site specified a header that could not be parsed successfully.
+STSNoMaxAge=Strict-Transport-Security: The site specified a header that did not include a ‘max-age’ directive.
+STSMultipleMaxAges=Strict-Transport-Security: The site specified a header that included multiple ‘max-age’ directives.
+STSInvalidMaxAge=Strict-Transport-Security: The site specified a header that included an invalid ‘max-age’ directive.
+STSMultipleIncludeSubdomains=Strict-Transport-Security: The site specified a header that included multiple ‘includeSubDomains’ directives.
+STSInvalidIncludeSubdomains=Strict-Transport-Security: The site specified a header that included an invalid ‘includeSubDomains’ directive.
+STSCouldNotSaveState=Strict-Transport-Security: An error occurred noting the site as a Strict-Transport-Security host.
+
+# LOCALIZATION NOTE: Do not translate "Public-Key-Pins", "HPKP", "max-age", "report-uri" or "includeSubDomains"
+PKPUnknownError=Public-Key-Pins: An unknown error occurred processing the header specified by the site.
+PKPUntrustworthyConnection=Public-Key-Pins: The connection to the site is untrustworthy, so the specified header was ignored.
+PKPCouldNotParseHeader=Public-Key-Pins: The site specified a header that could not be parsed successfully.
+PKPNoMaxAge=Public-Key-Pins: The site specified a header that did not include a ‘max-age’ directive.
+PKPMultipleMaxAges=Public-Key-Pins: The site specified a header that included multiple ‘max-age’ directives.
+PKPInvalidMaxAge=Public-Key-Pins: The site specified a header that included an invalid ‘max-age’ directive.
+PKPMultipleIncludeSubdomains=Public-Key-Pins: The site specified a header that included multiple ‘includeSubDomains’ directives.
+PKPInvalidIncludeSubdomains=Public-Key-Pins: The site specified a header that included an invalid ‘includeSubDomains’ directive.
+PKPInvalidPin=Public-Key-Pins: The site specified a header that included an invalid pin.
+PKPMultipleReportURIs=Public-Key-Pins: The site specified a header that included multiple ‘report-uri’ directives.
+PKPPinsetDoesNotMatch=Public-Key-Pins: The site specified a header that did not include a matching pin.
+PKPNoBackupPin=Public-Key-Pins: The site specified a header that did not include a backup pin.
+PKPCouldNotSaveState=Public-Key-Pins: An error occurred noting the site as a Public-Key-Pins host.
+PKPRootNotBuiltIn=Public-Key-Pins: The certificate used by the site was not issued by a certificate in the default root certificate store. To prevent accidental breakage, the specified header was ignored.
+
+# LOCALIZATION NOTE: Do not translate "SHA-1"
+SHA1Sig=This site makes use of a SHA-1 Certificate; it’s recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.
+InsecurePasswordsPresentOnPage=Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.
+InsecureFormActionPasswordsPresent=Password fields present in a form with an insecure (http://) form action. This is a security risk that allows user login credentials to be stolen.
+InsecurePasswordsPresentOnIframe=Password fields present on an insecure (http://) iframe. This is a security risk that allows user login credentials to be stolen.
+# LOCALIZATION NOTE: "%1$S" is the URI of the insecure mixed content resource
+LoadingMixedActiveContent2=Loading mixed (insecure) active content “%1$S” on a secure page
+LoadingMixedDisplayContent2=Loading mixed (insecure) display content “%1$S” on a secure page
+# LOCALIZATION NOTE: Do not translate "allow-scripts", "allow-same-origin", "sandbox" or "iframe"
+BothAllowScriptsAndSameOriginPresent=An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
+
+# Sub-Resource Integrity
+# LOCALIZATION NOTE: Do not translate "script" or "integrity". "%1$S" is the invalid token found in the attribute.
+MalformedIntegrityHash=The script element has a malformed hash in its integrity attribute: “%1$S”. The correct format is “<hash algorithm>-<hash value>”.
+# LOCALIZATION NOTE: Do not translate "integrity"
+InvalidIntegrityLength=The hash contained in the integrity attribute has the wrong length.
+# LOCALIZATION NOTE: Do not translate "integrity"
+InvalidIntegrityBase64=The hash contained in the integrity attribute could not be decoded.
+# LOCALIZATION NOTE: Do not translate "integrity". "%1$S" is the type of hash algorigthm in use (e.g. "sha256").
+IntegrityMismatch=None of the “%1$S” hashes in the integrity attribute match the content of the subresource.
+# LOCALIZATION NOTE: "%1$S" is the URI of the sub-resource that cannot be protected using SRI.
+IneligibleResource=“%1$S” is not eligible for integrity checks since it’s neither CORS-enabled nor same-origin.
+# LOCALIZATION NOTE: Do not translate "integrity". "%1$S" is the invalid hash algorithm found in the attribute.
+UnsupportedHashAlg=Unsupported hash algorithm in the integrity attribute: “%1$S”
+# LOCALIZATION NOTE: Do not translate "integrity"
+NoValidMetadata=The integrity attribute does not contain any valid metadata.
+
+# LOCALIZATION NOTE: Do not translate "RC4".
+WeakCipherSuiteWarning=This site uses the cipher RC4 for encryption, which is deprecated and insecure.
+
+#XCTO: nosniff
+# LOCALIZATION NOTE: Do not translate "X-Content-Type-Options: nosniff".
+MimeTypeMismatch=The resource from “%1$S” was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff).
+# LOCALIZATION NOTE: Do not translate "X-Content-Type-Options" and also do not trasnlate "nosniff".
+XCTOHeaderValueMissing=X-Content-Type-Options header warning: value was “%1$S”; did you mean to send “nosniff”?
+
+BlockScriptWithWrongMimeType=Script from “%1$S” was blocked because of a disallowed MIME type.