[ Index ]

PHP Cross Reference of Joomla 4.2.2 documentation

title

Body

[close]

/administrator/language/en-GB/ -> plg_system_httpheaders.ini (source)

[Summary view] [Print] [Text view] 

   1  ; Joomla! Project
   2  ; (C) 2018 Open Source Matters, Inc. <https://www.joomla.org>
   3  ; License GNU General Public License version 2 or later; see LICENSE.txt
   4  ; Note : All ini files need to be saved as UTF-8
   5  
   6  PLG_SYSTEM_HTTPHEADERS="System - HTTP Headers" ; Do not translate 'HTTP Headers'
   7  PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER="Force HTTP Headers" ; Do not translate 'HTTP Headers'
   8  PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_KEY="HTTP Header" ; Do not translate 'HTTP Header'
   9  PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_VALUE="HTTP Header Value" ; Do not translate 'HTTP Header'
  10  PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY="<a href='https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP' target='_blank' rel='noopener noreferrer'>Content Security Policy (CSP)</a>" ; Do not translate
  11  PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_CLIENT="Client"
  12  PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_FRAME_ANCESTORS_SELF_ENABLED="frame-ancestors 'self'" ; Do not translate
  13  PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_FRAME_ANCESTORS_SELF_ENABLED_DESC="Enable the CSP clickjacking protection frame-ancestors and only allow the origin 'self'. Please use the form below to allow origins other than 'self'."
  14  PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_NONCE_ENABLED="<a href='https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src' target='_blank' rel='noopener noreferrer'>Nonce</a>" ; Please only change the URL
  15  PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_NONCE_ENABLED_DESC="Enable the whitelist for specific inline scripts using a cryptographic nonce (number used once) for all scripts and styles using the Joomla API. Specifying a nonce makes a modern browser ignore 'unsafe-inline' which should still be set for older browsers without nonce support."
  16  PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_REPORT_ONLY_DESC="Use the header 'Content-Security-Policy-Report-Only' instead of 'Content-Security-Policy'." ; Do not translate 'Content-Security-Policy' & 'Content-Security-Policy-Report-Only'
  17  PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_REPORT_ONLY="Report-Only" ; Do not translate
  18  PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_STRICT_DYNAMIC_ENABLED="strict-dynamic" ; Do not translate
  19  PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_STRICT_DYNAMIC_ENABLED_DESC="The strict-dynamic source expression specifies that the trust explicitly given to a script present in the markup, by accompanying it with a nonce or a hash, shall be propagated to all the scripts loaded by that root script. At the same time, any allowed or source expressions such as 'self' or 'unsafe-inline' will be ignored." ; Do not translate 'strict-dynamic', 'self' and 'unsafe-inline'
  20  PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_SCRIPT_HASHES_ENABLED="<a href='https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src' target='_blank' rel='noopener noreferrer'>Script hashes</a>" ; Please only change the URL
  21  PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_SCRIPT_HASHES_ENABLED_DESC="Enable the optional hash based whitelist inline scripts using a cryptographic hash for all scripts using the Joomla API. Specifying hashes makes a modern browser ignore 'unsafe-inline' which should still be set for older browsers without hash support."
  22  PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_STYLE_HASHES_ENABLED="<a href='https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src' target='_blank' rel='noopener noreferrer'>Style hashes</a>" ; Please only change the URL
  23  PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_STYLE_HASHES_ENABLED_DESC="Enable the optional hash based whitelist inline styles using a cryptographic hash for all styles using the Joomla API. Specifying hashes makes a modern browser ignore 'unsafe-inline' which should still be set for older browsers without hash support."
  24  PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_VALUES="Add Directive"
  25  PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_VALUES_DIRECTIVE="Policy Directive"
  26  PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_VALUES_VALUE="Value"
  27  PLG_SYSTEM_HTTPHEADERS_COOP="Cross-Origin-Opener-Policy" ; Do not translate
  28  PLG_SYSTEM_HTTPHEADERS_HEADER_CLIENT="Client"
  29  PLG_SYSTEM_HTTPHEADERS_HEADER_CLIENT_BOTH="Both"
  30  PLG_SYSTEM_HTTPHEADERS_HSTS="<a href='https://hstspreload.org' target='_blank' rel='noopener noreferrer'>HTTP Strict Transport Security (HSTS)</a>" ; Do not translate
  31  PLG_SYSTEM_HTTPHEADERS_HSTS_MAXAGE="max-age" ; Do not translate
  32  PLG_SYSTEM_HTTPHEADERS_HSTS_MAXAGE_DESC="This option sets the time for 'max-age', it is specified in seconds. The default value is 31536000, which corresponds to one year" ; Please do not translate 'max-age'
  33  PLG_SYSTEM_HTTPHEADERS_HSTS_PRELOAD="Preload" ; Do not translate
  34  PLG_SYSTEM_HTTPHEADERS_HSTS_PRELOAD_DESC="This option activates the opt-in for inclusion in so-called browser preload lists."
  35  PLG_SYSTEM_HTTPHEADERS_HSTS_PRELOAD_NOTE="Important"
  36  PLG_SYSTEM_HTTPHEADERS_HSTS_PRELOAD_NOTE_DESC="HSTS means that your domain can no longer be called without HTTPS. Once added to the preload list, this is not easy to undo. Domains can be removed, but it takes months for users to make a change with a browser update.<br><strong>This option is very important to prevent 'man-in-the-middle attacks', so it should be activated in any case, but only if you are sure that HTTPS is supported for domain and all subdomains in the long run! The value for 'max-age' must be set to 63072000 (2 years) for recording.</strong>" ; Please do not translate 'max-age'
  37  PLG_SYSTEM_HTTPHEADERS_HSTS_SUBDOMAINS="Also for subdomains"
  38  PLG_SYSTEM_HTTPHEADERS_HSTS_SUBDOMAINS_DESC="HSTS should also be enabled <strong>for subdomains</strong> usually the subdomain 'www' is taken into account when creating the SSL certificate. If further subdomains are used, please note that they are also provided with a valid SSL certificate."
  39  PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_ACTION="Enable default security headers"
  40  PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_BODY="<p>Joomla! comes with a built-in set of tools that help you to handle http security headers. These headers help your browser for example to protect your website from <a href='https://en.wikipedia.org/wiki/Cross-site_scripting' target='_blank' rel='noopener noreferrer'>XSS</a> and <a href='https://en.wikipedia.org/wiki/Clickjacking' target='_blank' rel='noopener noreferrer'>Clickjacking</a> attacks.</p><p>You can find more details in the <a href='https://docs.joomla.org/Special:MyLanguage/J4.x:Http_Header_Management' target='_blank' rel='noopener noreferrer'>HTTP Header Management Tutorial in the Joomla! Documentation.</a></p>"
  41  PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_TITLE="HTTP Security Headers"
  42  PLG_SYSTEM_HTTPHEADERS_REFERRERPOLICY="<a href='https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy' target='_blank' rel='noopener noreferrer'>Referrer-Policy</a>" ; Do not translate
  43  PLG_SYSTEM_HTTPHEADERS_XFRAMEOPTIONS="<a href='https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options' target='_blank' rel='noopener noreferrer'>X-Frame-Options</a>" ; Do not translate
  44  PLG_SYSTEM_HTTPHEADERS_XML_DESCRIPTION="This Plugin helps you to set the HTTP Security Headers" ; Please do not translate 'HTTP Security Headers'

Body

Body

Body

Body


Generated: Wed Sep 7 05:41:13 2022 Chilli.vc Blog - For Webmaster,Blog-Writer,System Admin and Domainer