diff --git a/administrator/language/en-GB/plg_system_httpheaders.ini b/administrator/language/en-GB/plg_system_httpheaders.ini
index 5ef05e0310cc..3c291db2b175 100644
--- a/administrator/language/en-GB/plg_system_httpheaders.ini
+++ b/administrator/language/en-GB/plg_system_httpheaders.ini
@@ -11,7 +11,7 @@ PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY="<a href='https://developer.mozilla
 PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_CLIENT="Client"
 PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_FRAME_ANCESTORS_SELF_ENABLED="frame-ancestors 'self'" ; Do not translate
 PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_FRAME_ANCESTORS_SELF_ENABLED_DESC="Enable the CSP clickjacking protection frame-ancestors and only allow the origin 'self'. Please use the form below to allow origins other than 'self'."
-PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_NONCE_ENABLED="<a href='https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src' target='_blank' rel='noopener noreferrer'>Nonce</a>" ; Please only change the URL
+PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_NONCE_ENABLED="<a href='https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/nonce' target='_blank' rel='noopener noreferrer'>Nonce</a>" ; Please only change the URL
 PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_NONCE_ENABLED_DESC="Enable the whitelist for specific inline scripts using a cryptographic nonce (number used once) for all scripts and styles using the Joomla API. Specifying a nonce makes a modern browser ignore 'unsafe-inline' which should still be set for older browsers without nonce support."
 PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_REPORT_ONLY_DESC="Use the header 'Content-Security-Policy-Report-Only' instead of 'Content-Security-Policy'." ; Do not translate 'Content-Security-Policy' & 'Content-Security-Policy-Report-Only'
 PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_REPORT_ONLY="Report-Only" ; Do not translate
@@ -19,7 +19,7 @@ PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_STRICT_DYNAMIC_ENABLED="strict-dyna
 PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_STRICT_DYNAMIC_ENABLED_DESC="The strict-dynamic source expression specifies that the trust explicitly given to a script present in the markup, by accompanying it with a nonce or a hash, shall be propagated to all the scripts loaded by that root script. At the same time, any allowed or source expressions such as 'self' or 'unsafe-inline' will be ignored." ; Do not translate 'strict-dynamic', 'self' and 'unsafe-inline'
 PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_SCRIPT_HASHES_ENABLED="<a href='https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src' target='_blank' rel='noopener noreferrer'>Script hashes</a>" ; Please only change the URL
 PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_SCRIPT_HASHES_ENABLED_DESC="Enable the optional hash based whitelist inline scripts using a cryptographic hash for all scripts using the Joomla API. Specifying hashes makes a modern browser ignore 'unsafe-inline' which should still be set for older browsers without hash support."
-PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_STYLE_HASHES_ENABLED="<a href='https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src' target='_blank' rel='noopener noreferrer'>Style hashes</a>" ; Please only change the URL
+PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_STYLE_HASHES_ENABLED="<a href='https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src' target='_blank' rel='noopener noreferrer'>Style hashes</a>" ; Please only change the URL
 PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_STYLE_HASHES_ENABLED_DESC="Enable the optional hash based whitelist inline styles using a cryptographic hash for all styles using the Joomla API. Specifying hashes makes a modern browser ignore 'unsafe-inline' which should still be set for older browsers without hash support."
 PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_VALUES="Add Directive"
 PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_VALUES_DIRECTIVE="Policy Directive"
@@ -27,10 +27,10 @@ PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_VALUES_VALUE="Value"
 PLG_SYSTEM_HTTPHEADERS_COOP="Cross-Origin-Opener-Policy" ; Do not translate
 PLG_SYSTEM_HTTPHEADERS_HEADER_CLIENT="Client"
 PLG_SYSTEM_HTTPHEADERS_HEADER_CLIENT_BOTH="Both"
-PLG_SYSTEM_HTTPHEADERS_HSTS="<a href='https://hstspreload.org' target='_blank' rel='noopener noreferrer'>HTTP Strict Transport Security (HSTS)</a>" ; Do not translate
+PLG_SYSTEM_HTTPHEADERS_HSTS="<a href='https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security' target='_blank' rel='noopener noreferrer'>HTTP Strict Transport Security (HSTS)</a>" ; Please only change the URL
 PLG_SYSTEM_HTTPHEADERS_HSTS_MAXAGE="max-age" ; Do not translate
 PLG_SYSTEM_HTTPHEADERS_HSTS_MAXAGE_DESC="This option sets the time for 'max-age', it is specified in seconds. The default value is 31536000, which corresponds to one year" ; Please do not translate 'max-age'
-PLG_SYSTEM_HTTPHEADERS_HSTS_PRELOAD="Preload" ; Do not translate
+PLG_SYSTEM_HTTPHEADERS_HSTS_PRELOAD="<a href='https://hstspreload.org' target='_blank' rel='noopener noreferrer'>Preload</a>" ; Do not translate
 PLG_SYSTEM_HTTPHEADERS_HSTS_PRELOAD_DESC="This option activates the opt-in for inclusion in so-called browser preload lists."
 PLG_SYSTEM_HTTPHEADERS_HSTS_PRELOAD_NOTE="Important"
 PLG_SYSTEM_HTTPHEADERS_HSTS_PRELOAD_NOTE_DESC="HSTS means that your domain can no longer be called without HTTPS. Once added to the preload list, this is not easy to undo. Domains can be removed, but it takes months for users to make a change with a browser update.<br><strong>This option is very important to prevent 'man-in-the-middle attacks', so it should be activated in any case, but only if you are sure that HTTPS is supported for domain and all subdomains in the long run! The value for 'max-age' must be set to 63072000 (2 years) for recording.</strong>" ; Please do not translate 'max-age'