diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 2d84cafd098..10fd325c67b 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -81,6 +81,51 @@ jobs:
           (cd src && pnpm run test-container)
           git clean -dxf .
 
+  build-test-local-plugin:
+    # Regression coverage for #7687: the Docker image's
+    # `bin/installLocalPlugins.sh` step runs as the `etherpad` user and
+    # invokes pnpm via the corepack shim. A previous corepack/cache bug
+    # made that path fail when ETHERPAD_LOCAL_PLUGINS was set. This job
+    # builds the development target with a stub local plugin so the
+    # regression cannot silently come back.
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      -
+        name: Check out
+        uses: actions/checkout@v6
+        with:
+          path: etherpad
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v4
+      -
+        name: Stub a local plugin
+        run: |
+          mkdir -p etherpad/local_plugins/ep_test_corepack
+          cat > etherpad/local_plugins/ep_test_corepack/package.json <<'EOF'
+          {
+            "name": "ep_test_corepack",
+            "version": "0.0.1",
+            "description": "regression-test stub for ether/etherpad#7687",
+            "main": "index.js"
+          }
+          EOF
+          cat > etherpad/local_plugins/ep_test_corepack/index.js <<'EOF'
+          exports.placeholder = true;
+          EOF
+      -
+        name: Build with ETHERPAD_LOCAL_PLUGINS (must succeed)
+        uses: docker/build-push-action@v7
+        with:
+          context: ./etherpad
+          target: development
+          load: false
+          build-args: |
+            ETHERPAD_LOCAL_PLUGINS=ep_test_corepack
+          cache-from: type=gha
+
   build-test-db-drivers:
     # Spinning up MySQL + Postgres + cross-driver smoke is expensive; only
     # run it on pushes to develop (and tagged release pushes), not on every
diff --git a/Dockerfile b/Dockerfile
index 0fee2f12e1e..d53107b415c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -99,12 +99,21 @@ RUN groupadd --system ${EP_GID:+--gid "${EP_GID}" --non-unique} etherpad && \
 ARG EP_DIR=/opt/etherpad-lite
 RUN mkdir -p "${EP_DIR}" && chown etherpad:etherpad "${EP_DIR}"
 
+# Share corepack's cache between root (which activates pnpm here) and
+# the `etherpad` user (which invokes pnpm later via the corepack shim).
+# $COREPACK_HOME defaults to ~/.cache/node/corepack and is per-user;
+# without this pin the etherpad user finds an empty cache, re-resolves
+# pnpm, and corepack can fall back to "latest" from the registry. See
+# https://github.com/ether/etherpad/issues/7687.
+ENV COREPACK_HOME=/opt/corepack
+
 # the mkdir is needed for configuration of openjdk-11-jre-headless, see
 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863199
 RUN  \
-    mkdir -p /usr/share/man/man1 && \
+    mkdir -p /usr/share/man/man1 "${COREPACK_HOME}" && \
     npm install -g corepack@latest && \
     corepack enable && corepack prepare pnpm@${PnpmVersion} --activate && \
+    chown -R etherpad:etherpad "${COREPACK_HOME}" && \
     rm -rf /usr/local/lib/node_modules/npm /usr/local/bin/npm /usr/local/bin/npx && \
     apk update && apk upgrade && \
     apk add --no-cache \
diff --git a/docs/superpowers/specs/2026-04-30-issue-7599-open-graph-metadata-design.md b/docs/superpowers/specs/2026-04-30-issue-7599-open-graph-metadata-design.md
index ba025584397..7f1d9771f50 100644
--- a/docs/superpowers/specs/2026-04-30-issue-7599-open-graph-metadata-design.md
+++ b/docs/superpowers/specs/2026-04-30-issue-7599-open-graph-metadata-design.md
@@ -144,3 +144,38 @@ The XSS escape test is the security-relevant one: pad IDs are user-controlled
 - A `padSocialMetadata` hook that lets plugins override the values.
 - Per-pad description (e.g. ep_pad_title integration).
 - Generated preview images (would require a rendering service).
+
+## Follow-up (2026-05-07): operator description override
+
+Issue #7599 follow-up comment from @stffen flagged two gaps in the shipped
+behaviour:
+
+1. The default description is in English and there is no obvious place in
+   `settings.json` to change it.
+2. The visitor's language is negotiated from `Accept-Language`, which most
+   link-preview crawlers (WhatsApp, Signal, Slack, Telegram, Facebook) do not
+   send — so non-English instances always serve the English fallback to
+   crawlers regardless of which locale files exist.
+
+Resolution: keep the i18n catalog as the default source (the original Qodo
+review still stands — translatable strings belong in locale files), but add
+an explicit `settings.socialMeta.description` override that wins when set:
+
+- `socialMeta.description: null` (default) → existing behaviour: i18n
+  catalog with `Accept-Language` negotiation, English fallback.
+- `socialMeta.description: "<text>"` → that string is used verbatim for
+  `og:description` / `twitter:description` regardless of the negotiated
+  language. This is the lever that fixes the crawler-no-Accept-Language
+  case.
+- Empty / whitespace-only override is treated as unset (would otherwise
+  blank out previews silently — a footgun).
+- The override is HTML-escaped via the same path as every other
+  interpolated value.
+- `og:locale` is unaffected; it continues to reflect the negotiated render
+  language. Operators who want fully localised descriptions still use
+  `customLocaleStrings` to override `pad.social.description` per-language.
+
+Documentation lives next to `publicURL` in both `settings.json.template`
+and `settings.json.docker` (mirrors how the original feature is
+configured), and the `customLocaleStrings` example now shows the
+`pad.social.description` key explicitly so operators can find both routes.
diff --git a/settings.json.docker b/settings.json.docker
index 8755d99e3a9..36becc015fd 100644
--- a/settings.json.docker
+++ b/settings.json.docker
@@ -125,6 +125,19 @@
    */
   "publicURL": "${PUBLIC_URL:null}",
 
+  /*
+   * Open Graph / Twitter Card metadata for link previews.
+   *
+   * SOCIAL_META_DESCRIPTION: when set, this exact text is used as
+   * og:description regardless of negotiated language. Most preview crawlers
+   * (WhatsApp, Signal, Slack, ...) don't send Accept-Language, so without an
+   * override they always hit the English fallback in the i18n catalog.
+   * Leave unset (null) to use the catalog (key `pad.social.description`).
+   */
+  "socialMeta": {
+    "description": "${SOCIAL_META_DESCRIPTION:null}"
+  },
+
   /*
    * Skin name.
    *
@@ -247,9 +260,12 @@
 
   /**
   * Enable creator-owned Pad-wide Settings and new-pad default seeding from My View.
-  * Disabled by default to preserve the legacy single-settings behavior.
+  * The pad creator (revision-0 author) gets the "Pad-wide Settings" section,
+  * which lets them set defaults and optionally enforce them for other users.
+  * Other users see only "User Settings" (their own view options).
+  * Set to false to revert to the legacy single-settings behavior.
   **/
-  "enablePadWideSettings": "${ENABLE_PAD_WIDE_SETTINGS:false}",
+  "enablePadWideSettings": "${ENABLE_PAD_WIDE_SETTINGS:true}",
 
   /*
    * Optional privacy banner. See settings.json.template for full field docs.
diff --git a/settings.json.template b/settings.json.template
index 209b1721f39..7e6ab93aa6a 100644
--- a/settings.json.template
+++ b/settings.json.template
@@ -123,6 +123,26 @@
    */
   "publicURL": null,
 
+  /*
+   * Open Graph / Twitter Card metadata, served on the homepage, pad pages and
+   * timeslider for nicer previews when a pad URL is shared in chat apps
+   * (WhatsApp, Signal, Slack, ...).
+   *
+   * - description: when set to a non-empty string, this exact text is used as
+   *   og:description / twitter:description regardless of the visitor's
+   *   negotiated language. Most link-preview crawlers don't send an
+   *   Accept-Language header, so without an override they always see the
+   *   English fallback. Set this if your instance serves a non-English
+   *   audience and you want a fixed blurb in shared previews.
+   *
+   * Leave description as null to use Etherpad's i18n catalog (key
+   * `pad.social.description`), which honours Accept-Language and can be
+   * overridden per-language via `customLocaleStrings` further down.
+   */
+  "socialMeta": {
+    "description": null
+  },
+
   /*
    * Skin name.
    *
@@ -733,9 +753,12 @@
 
     /**
     * Enable creator-owned Pad-wide Settings and new-pad default seeding from My View.
-    * Disabled by default to preserve the legacy single-settings behavior.
+    * The pad creator (revision-0 author) gets the "Pad-wide Settings" section,
+    * which lets them set defaults and optionally enforce them for other users.
+    * Other users see only "User Settings" (their own view options).
+    * Set to false to revert to the legacy single-settings behavior.
     **/
-    "enablePadWideSettings": "${ENABLE_PAD_WIDE_SETTINGS:false}",
+    "enablePadWideSettings": "${ENABLE_PAD_WIDE_SETTINGS:true}",
 
   /*
    * Optional privacy banner shown once the pad loads. Disabled by default.
@@ -817,7 +840,19 @@
    */
    "logLayoutType": "colored",
 
-  /* Override any strings found in locale directories */
+  /*
+   * Override any strings found in locale directories.
+   *
+   * Format: { "<lang>": { "<key>": "<text>", ... }, ... }
+   * Example, per-language Open Graph description for link previews:
+   *   "customLocaleStrings": {
+   *     "en": { "pad.social.description": "Our team's collaborative pads." },
+   *     "de": { "pad.social.description": "Kollaborative Notizblöcke." }
+   *   }
+   * For a single description regardless of language, prefer
+   * `socialMeta.description` above — link-preview crawlers usually don't
+   * send Accept-Language and otherwise hit the English fallback.
+   */
   "customLocaleStrings": {},
 
   /* Disable Admin UI tests */
diff --git a/src/locales/gl.json b/src/locales/gl.json
index 7096f45b0ed..f8beafd27aa 100644
--- a/src/locales/gl.json
+++ b/src/locales/gl.json
@@ -14,6 +14,8 @@
 	"admin_plugins.available_install.value": "Instalar",
 	"admin_plugins.available_search.placeholder": "Buscar complementos para instalar",
 	"admin_plugins.description": "Descrición",
+	"admin_plugins.disables.label": "Desactiva:",
+	"admin_plugins.disables.warning_title": "Este complemento elimina intencionadamente as funcionalidades de Etherpad listadas.",
 	"admin_plugins.installed": "Complementos instalados",
 	"admin_plugins.installed_fetching": "Obtendo os complementos instalados...",
 	"admin_plugins.installed_nothing": "Aínda non instalaches ningún complemento.",
@@ -39,6 +41,19 @@
 	"admin_settings.current_restart.value": "Reiniciar Etherpad",
 	"admin_settings.current_save.value": "Gardar axustes",
 	"admin_settings.page-title": "Axustes - Etherpad",
+	"update.banner.title": "Actualización dispoñible",
+	"update.banner.body": "Etherpad {{latest}} está dispoñible (estás a usar {{current}}).",
+	"update.banner.cta": "Ver a actualización",
+	"update.page.title": "Actualizacións de Etherpad",
+	"update.page.current": "Versión actual",
+	"update.page.latest": "Última versión",
+	"update.page.last_check": "Última comprobación",
+	"update.page.install_method": "Método de instalación",
+	"update.page.tier": "Actualizar o nivel",
+	"update.page.changelog": "Rexistro de cambios",
+	"update.page.up_to_date": "Estás a executar a última versión.",
+	"update.badge.severe": "Etherpad está moi desactualizado neste servidor. Informa á administración.",
+	"update.badge.vulnerable": "Etherpad está a executar neste servidor unha versión con problemas de seguranza. Informa á administración.",
 	"index.newPad": "Novo documento",
 	"index.settings": "Axustes",
 	"index.transferSessionTitle": "Transferir a sesión",
@@ -93,6 +108,7 @@
 	"pad.settings.stickychat": "Charla sempre visible",
 	"pad.settings.chatandusers": "Mostrar a charla e as usuarias",
 	"pad.settings.colorcheck": "Cores de identificación",
+	"pad.settings.fadeInactiveAuthorColors": "Esvaecer as cores dos autores inactivos",
 	"pad.settings.linenocheck": "Números de liña",
 	"pad.settings.rtlcheck": "Queres ler o contido da dereita á esquerda?",
 	"pad.settings.enforceSettings": "Aplicar os axustes aos demais usuarios",
@@ -102,6 +118,16 @@
 	"pad.settings.language": "Lingua:",
 	"pad.settings.deletePad": "Borrar o documento",
 	"pad.delete.confirm": "Queres borrar este documento?",
+	"pad.deletionToken.modalTitle": "Garda o teu token de eliminación do documento",
+	"pad.deletionToken.modalBody": "Este token é a única maneira de eliminar este documento se perdes a sesión do navegador ou cambias de dispositivo. Gárdao nun lugar seguro; aquí mostrarase exactamente unha vez.",
+	"pad.deletionToken.copy": "Copiar",
+	"pad.deletionToken.copied": "Copiado",
+	"pad.deletionToken.acknowledge": "Gardeino",
+	"pad.deletionToken.deleteWithToken": "Eliminar o documento cun token",
+	"pad.deletionToken.tokenFieldLabel": "Token de eliminación do documento",
+	"pad.deletionToken.tokenValueLabel": "O teu token de eliminación do documento (só lectura)",
+	"pad.deletionToken.invalid": "Ese token non é válido para este documento.",
+	"pad.deletionToken.notCreator": "Non es a persoa creadora deste documento, así que non podes eliminalo.",
 	"pad.settings.about": "Acerca de",
 	"pad.settings.poweredBy": "Grazas a",
 	"pad.importExport.import_export": "Importar/Exportar",
@@ -202,5 +228,6 @@
 	"pad.impexp.importfailed": "Fallou a importación",
 	"pad.impexp.copypaste": "Copie e pegue",
 	"pad.impexp.exportdisabled": "A exportación en formato {{type}} está desactivada. Póñase en contacto co administrador do sistema se quere máis detalles.",
-	"pad.impexp.maxFileSize": "Ficheiro demasiado granda. Contacta coa administración para aumentar o tamaño permitido para importacións"
+	"pad.impexp.maxFileSize": "Ficheiro demasiado granda. Contacta coa administración para aumentar o tamaño permitido para importacións",
+	"pad.social.description": "Un documento colaborativo que calquera pode editar en tempo real."
 }
diff --git a/src/locales/ko.json b/src/locales/ko.json
index 44f592488b4..e077201268f 100644
--- a/src/locales/ko.json
+++ b/src/locales/ko.json
@@ -9,6 +9,7 @@
 			"Revi",
 			"SeoJeongHo",
 			"Suleiman the Magnificent Television",
+			"Tensama0415",
 			"YeBoy371",
 			"Ykhwong",
 			"그냥기여자",
@@ -49,7 +50,7 @@
 	"admin_settings.current_save.value": "설정 저장",
 	"admin_settings.page-title": "설정 - 이더패드",
 	"index.newPad": "새 패드",
-	"index.createOpenPad": "또는 다음 이름으로 패드 만들기/열기:",
+	"index.createOpenPad": "이름으로 패드 열기",
 	"index.openPad": "이름으로 기존 패드 열기:",
 	"pad.toolbar.bold.title": "굵게 (Ctrl+B)",
 	"pad.toolbar.italic.title": "기울임꼴 (Ctrl+I)",
diff --git a/src/locales/mk.json b/src/locales/mk.json
index 88a3fc3642f..6d939c2de21 100644
--- a/src/locales/mk.json
+++ b/src/locales/mk.json
@@ -14,6 +14,8 @@
 	"admin_plugins.available_install.value": "Воспостави",
 	"admin_plugins.available_search.placeholder": "Пребарај приклучоци за воспоставка",
 	"admin_plugins.description": "Опис",
+	"admin_plugins.disables.label": "Оневозможува:",
+	"admin_plugins.disables.warning_title": "Овој приклучок намерно ги отстранува наведените функции на Etherpad.",
 	"admin_plugins.installed": "Воспоставени приклучоци",
 	"admin_plugins.installed_fetching": "Ги земам воспоставените приклучоци…",
 	"admin_plugins.installed_nothing": "Засега немате воспоставено ниеден приклучок.",
@@ -106,6 +108,7 @@
 	"pad.settings.stickychat": "Разговорите секогаш на екранот",
 	"pad.settings.chatandusers": "Прикажи разговор и корисници",
 	"pad.settings.colorcheck": "Авторски бои",
+	"pad.settings.fadeInactiveAuthorColors": "Избледувај ги боите на неактивните автоори",
 	"pad.settings.linenocheck": "Броеви на редовите",
 	"pad.settings.rtlcheck": "Содржините да се читаат од десно на лево?",
 	"pad.settings.enforceSettings": "Примени нагодувања за другите корисници",
diff --git a/src/locales/pms.json b/src/locales/pms.json
index 165d9d02b40..6574a45c08b 100644
--- a/src/locales/pms.json
+++ b/src/locales/pms.json
@@ -1,7 +1,8 @@
 {
 	"@metadata": {
 		"authors": [
-			"Borichèt"
+			"Borichèt",
+			"Dragonòt"
 		]
 	},
 	"admin.page-title": "Cruscòt d'aministrator - Etherpad",
@@ -161,7 +162,7 @@
 	"timeslider.month.february": "Fërvé",
 	"timeslider.month.march": "Mars",
 	"timeslider.month.april": "Avril",
-	"timeslider.month.may": "Maj",
+	"timeslider.month.may": "Magg",
 	"timeslider.month.june": "Giugn",
 	"timeslider.month.july": "Luj",
 	"timeslider.month.august": "Ost",
diff --git a/src/locales/zh-hans.json b/src/locales/zh-hans.json
index 47577707292..946490acd90 100644
--- a/src/locales/zh-hans.json
+++ b/src/locales/zh-hans.json
@@ -33,6 +33,8 @@
 	"admin_plugins.available_install.value": "安装",
 	"admin_plugins.available_search.placeholder": "搜索要安装的插件",
 	"admin_plugins.description": "描述",
+	"admin_plugins.disables.label": "禁用：",
+	"admin_plugins.disables.warning_title": "此插件意在移除所列出的Etherpad功能。",
 	"admin_plugins.installed": "已装插件",
 	"admin_plugins.installed_fetching": "正在获取已安装的插件…",
 	"admin_plugins.installed_nothing": "您尚未安装任何插件。",
@@ -58,6 +60,19 @@
 	"admin_settings.current_restart.value": "重启Etherpad",
 	"admin_settings.current_save.value": "保存设置",
 	"admin_settings.page-title": "设置 - Etherpad",
+	"update.banner.title": "更新可用",
+	"update.banner.body": "Etherpad {{latest}}可用（您正在运行{{current}}）。",
+	"update.banner.cta": "查看更新",
+	"update.page.title": "Etherpad更新",
+	"update.page.current": "当前版本",
+	"update.page.latest": "最新版本",
+	"update.page.last_check": "最后检查于",
+	"update.page.install_method": "安装方法",
+	"update.page.tier": "更新层级",
+	"update.page.changelog": "更新日志",
+	"update.page.up_to_date": "您目前运行的是最新版本。",
+	"update.badge.severe": "此服务器上的Etherpad版本严重过时。请告知您的管理员。",
+	"update.badge.vulnerable": "此服务器上运行的Etherpad版本存在已知安全问题。请告知您的管理员。",
 	"index.newPad": "新记事本",
 	"index.settings": "设置",
 	"index.transferSessionTitle": "转移会话",
@@ -112,6 +127,7 @@
 	"pad.settings.stickychat": "总是显示聊天屏幕",
 	"pad.settings.chatandusers": "显示聊天和用户",
 	"pad.settings.colorcheck": "作者颜色",
+	"pad.settings.fadeInactiveAuthorColors": "淡化非活跃作者颜色",
 	"pad.settings.linenocheck": "行号",
 	"pad.settings.rtlcheck": "从右到左阅读内容吗？",
 	"pad.settings.enforceSettings": "对其他用户的强制设置",
@@ -121,6 +137,16 @@
 	"pad.settings.language": "语言：",
 	"pad.settings.deletePad": "删除记事本",
 	"pad.delete.confirm": "您确定要删除此记事本吗？",
+	"pad.deletionToken.modalTitle": "保存您的记事本删除令牌",
+	"pad.deletionToken.modalBody": "如果您丢失浏览器会话或切换设备，此令牌是删除此记事本的唯一方法。请将其保存在安全的地方——它只会在此处显示一次。",
+	"pad.deletionToken.copy": "复制",
+	"pad.deletionToken.copied": "已复制",
+	"pad.deletionToken.acknowledge": "我已保存",
+	"pad.deletionToken.deleteWithToken": "使用令牌删除记事本",
+	"pad.deletionToken.tokenFieldLabel": "记事本删除令牌",
+	"pad.deletionToken.tokenValueLabel": "您的记事本删除令牌（只读）",
+	"pad.deletionToken.invalid": "该令牌对此记事本无效。",
+	"pad.deletionToken.notCreator": "您不是此笔记本的创建者，因此您无法删除它。",
 	"pad.settings.about": "关于",
 	"pad.settings.poweredBy": "技术支持来自",
 	"pad.importExport.import_export": "导入/导出",
@@ -221,5 +247,6 @@
 	"pad.impexp.importfailed": "导入失败",
 	"pad.impexp.copypaste": "请复制粘贴",
 	"pad.impexp.exportdisabled": "{{type}} 格式的导出被禁用。有关详情，请与您的系统管理员联系。",
-	"pad.impexp.maxFileSize": "文件太大。 请与您的站点管理员联系以增加允许导入的文件大小"
+	"pad.impexp.maxFileSize": "文件太大。 请与您的站点管理员联系以增加允许导入的文件大小",
+	"pad.social.description": "一份所有人都能实时编辑的协作文档。"
 }
diff --git a/src/node/utils/Settings.ts b/src/node/utils/Settings.ts
index 71bb4dd1e7d..ff2e93ec8dd 100644
--- a/src/node/utils/Settings.ts
+++ b/src/node/utils/Settings.ts
@@ -165,6 +165,15 @@ export type SettingsType = {
   showRecentPads: boolean,
   favicon: string | null,
   publicURL: string | null,
+  socialMeta: {
+    // Runtime type is wider than what an operator writes by hand: when
+    // `socialMeta.description` is sourced from an env var (e.g.
+    // `"${SOCIAL_META_DESCRIPTION:null}"` in settings.json.docker), the
+    // settings loader's `coerceValue()` turns numeric-looking strings into
+    // numbers and "true"/"false" into booleans. Downstream code stringifies
+    // before use; the wider type stops callers (and tests) needing casts.
+    description: string | number | boolean | null,
+  },
   ttl: {
     AccessToken: number,
     AuthorizationCode: number,
@@ -360,6 +369,24 @@ const settings: SettingsType = {
    * No trailing slash. Must include scheme.
    */
   publicURL: null,
+
+  /**
+   * Open Graph / Twitter Card metadata, served on the homepage, pad pages and
+   * timeslider for nicer previews when a pad URL is shared in chat apps.
+   *
+   * description: when non-null, this exact string is used as og:description /
+   *   twitter:description regardless of the visitor's negotiated language. Most
+   *   crawlers (WhatsApp, Signal, Telegram, Slack, Facebook) don't send an
+   *   Accept-Language header, so without an override they always see the
+   *   English fallback — set this if your instance serves a non-English
+   *   audience and you want a fixed blurb. Leave null to use Etherpad's
+   *   built-in i18n catalog (key `pad.social.description`), which honours the
+   *   visitor's Accept-Language and can be overridden per-language via the
+   *   standard `customLocaleStrings` mechanism below.
+   */
+  socialMeta: {
+    description: null,
+  },
   ttl: {
     AccessToken: 1 * 60 * 60, // 1 hour in seconds
     AuthorizationCode: 10 * 60, // 10 minutes in seconds
@@ -369,7 +396,7 @@ const settings: SettingsType = {
   },
   updateServer: "https://static.etherpad.org",
   enableDarkMode: true,
-  enablePadWideSettings: false,
+  enablePadWideSettings: true,
   allowPadDeletionByAllUsers: false,
   privacyBanner: {
     enabled: false,
@@ -1087,6 +1114,30 @@ export const reloadSettings = () => {
       settings.privacyBanner.dismissal = 'dismissible';
     }
 
+    // Settings.json files generated before December 2021 used `false` as the
+    // default for these string options. The client treats the boolean `false`
+    // as a sentinel meaning "no enforced value", but the dispatch in
+    // pad.ts:getParams() coerces the boolean to the string "false" before
+    // applying it, which then propagates as the user's name and color and
+    // triggers `malformed color: false` on the server (#7686). Normalize
+    // legacy booleans to null at the boundary so downstream code sees the
+    // expected sentinel. Guard against a malformed padOptions (null, array,
+    // primitive) — storeSettings() will overwrite it raw if settings.json
+    // declares it as anything other than a plain object.
+    if (settings.padOptions != null
+        && typeof settings.padOptions === 'object'
+        && !Array.isArray(settings.padOptions)) {
+      for (const key of ['userName', 'userColor'] as const) {
+        if ((settings.padOptions as any)[key] === false) {
+          logger.warn(
+              `padOptions.${key}=false is a legacy default (pre-2021) and is ` +
+              `now treated as null. Update settings.json to use null instead ` +
+              `to silence this warning.`);
+          (settings.padOptions as any)[key] = null;
+        }
+      }
+    }
+
     // Init logging config
     settings.logconfig = defaultLogConfig(
       settings.loglevel ? settings.loglevel : defaultLogLevel,
diff --git a/src/node/utils/SkinColors.ts b/src/node/utils/SkinColors.ts
index c599b4c3816..74b9bedbcfe 100644
--- a/src/node/utils/SkinColors.ts
+++ b/src/node/utils/SkinColors.ts
@@ -1,34 +1,16 @@
 'use strict';
 
-// Toolbar background colors that the colibris skin variants resolve to.
-// Mirrors --bg-color in src/static/skins/colibris/src/pad-variants.css. Only
-// the colibris skin has a known mapping; for any other skin we cannot derive
-// the toolbar color server-side and emit no theme-color meta.
-//
-// Order matters: when skinVariants contains multiple *-toolbar tokens the
-// CSS cascade picks the rule defined last in pad-variants.css, so iterate in
-// source order and let the last matching token win.
-const TOOLBAR_COLORS_IN_CSS_ORDER: Array<[string, string]> = [
-  ['super-light-toolbar', '#ffffff'],
-  ['light-toolbar', '#f2f3f4'],
-  ['super-dark-toolbar', '#485365'],
-  ['dark-toolbar', '#576273'],
-];
-
-const COLIBRIS_DEFAULT_TOOLBAR_COLOR = '#ffffff';
+import {toolbarColorForTokens} from '../../static/js/skin_toolbar_colors';
 
 // The toolbar color the user actually sees on first paint, derived from the
-// configured skin and skinVariants. Returns null when the skin is unknown so
-// callers can omit the meta rather than emit a misleading value.
+// configured skin and skinVariants. Only the colibris skin has a known
+// mapping (see src/static/js/skin_toolbar_colors). For any other skin we
+// cannot derive the toolbar color server-side and return null so callers can
+// omit the meta rather than emit a misleading value.
 export const configuredToolbarColor = (
   skinName: string | undefined | null,
   skinVariants: string | undefined | null,
 ): string | null => {
   if (skinName !== 'colibris') return null;
-  const tokens = new Set((skinVariants || '').split(/\s+/).filter(Boolean));
-  let color: string | null = null;
-  for (const [variant, c] of TOOLBAR_COLORS_IN_CSS_ORDER) {
-    if (tokens.has(variant)) color = c;
-  }
-  return color || COLIBRIS_DEFAULT_TOOLBAR_COLOR;
+  return toolbarColorForTokens((skinVariants || '').split(/\s+/).filter(Boolean));
 };
diff --git a/src/node/utils/socialMeta.ts b/src/node/utils/socialMeta.ts
index efdeb429d1c..60fa285ee70 100644
--- a/src/node/utils/socialMeta.ts
+++ b/src/node/utils/socialMeta.ts
@@ -9,8 +9,13 @@ import type {Request} from 'express';
  * XSS via crafted pad IDs.
  *
  * The description text is sourced from Etherpad's i18n catalog under the key
- * `pad.social.description`. Operators can override it per-language via the
- * standard `customLocaleStrings` mechanism in settings.json.
+ * `pad.social.description`. Operators have two ways to override it:
+ *   - `settings.socialMeta.description` — flat string used regardless of
+ *     negotiated language. Useful because most link-preview crawlers don't
+ *     send Accept-Language and would otherwise always hit the English fallback.
+ *   - `customLocaleStrings` — per-language override that participates in
+ *     normal Accept-Language negotiation.
+ * The flat setting wins over the i18n catalog when set.
  */
 
 const SOCIAL_DESCRIPTION_KEY = 'pad.social.description';
@@ -96,6 +101,13 @@ type SocialMetaSettings = {
   title?: string,
   favicon?: string | null,
   publicURL?: string | null,
+  socialMeta?: {
+    // Wider than the operator-facing type: env-var-driven settings get
+    // pre-coerced by Settings.coerceValue(), so we may receive number/boolean
+    // even though "the value an operator types" is a string. Stringified at
+    // resolve time.
+    description?: string | number | boolean | null,
+  },
 };
 
 const negotiateRenderLang = (req: Request, availableLangs: AvailableLangs): string => {
@@ -153,10 +165,30 @@ export type RenderOpts = {
   padName?: string,
 };
 
+// Operator override wins when set. Settings.ts coerces env-var strings to
+// their typed form (e.g. SOCIAL_META_DESCRIPTION="123" arrives as the number
+// 123 and ="true" as the boolean true), so we accept string | number | boolean
+// and stringify before comparing. Empty / whitespace-only values are treated
+// as unset — an accidental "" in settings would otherwise silently blank out
+// og:description and break previews entirely.
+const resolveDescriptionWithOverride = (
+  override: string | number | boolean | null | undefined,
+  locales: {[lang: string]: {[key: string]: string}} | undefined,
+  renderLang: string,
+): string => {
+  if (override !== null && override !== undefined) {
+    const s = String(override);
+    if (s.trim() !== '') return s;
+  }
+  return resolveDescription(locales, renderLang);
+};
+
 export const renderSocialMeta = (o: RenderOpts): string => {
   const renderLang = negotiateRenderLang(o.req, o.availableLangs);
   const siteName = o.settings.title || 'Etherpad';
-  const description = resolveDescription(o.locales, renderLang);
+  const description = resolveDescriptionWithOverride(
+      o.settings.socialMeta && o.settings.socialMeta.description,
+      o.locales, renderLang);
   const imageUrl = resolveImageUrl(o.req, o.settings.favicon, o.settings.publicURL);
   const imageAlt = `${siteName} logo`;
 
diff --git a/src/static/js/pad.ts b/src/static/js/pad.ts
index 72364c26149..12406197ecf 100644
--- a/src/static/js/pad.ts
+++ b/src/static/js/pad.ts
@@ -136,6 +136,14 @@ const getParameters = [
     name: 'userName',
     checkVal: null,
     callback: (val) => {
+      // The default for globalUserName/globalUserColor is the boolean `false`
+      // (sentinel meaning "no enforced value"). Older settings.json files used
+      // boolean `false` for these options too, which getParams() coerces to
+      // the string "false" — that fooled the !== false sentinel checks at
+      // _afterHandshake and shipped the literal string "false" as the user's
+      // name and color (#7686). Reject the sentinel string here so URL
+      // parameters like ?userName=false also no-op.
+      if (!val || val === 'false') return;
       settings.globalUserName = val;
       clientVars.userName = val;
     },
@@ -144,6 +152,7 @@ const getParameters = [
     name: 'userColor',
     checkVal: null,
     callback: (val) => {
+      if (!val || val === 'false') return;
       settings.globalUserColor = val;
       clientVars.userColor = val;
     },
diff --git a/src/static/js/skin_toolbar_colors.ts b/src/static/js/skin_toolbar_colors.ts
new file mode 100644
index 00000000000..793b6f4b3de
--- /dev/null
+++ b/src/static/js/skin_toolbar_colors.ts
@@ -0,0 +1,31 @@
+'use strict';
+
+// Toolbar background colors that the colibris skin variants resolve to.
+// Mirrors --bg-color in src/static/skins/colibris/src/pad-variants.css. Lives
+// here (under static/js/) so both the browser bundle (skin_variants.ts) and
+// the server-side EJS helper (node/utils/SkinColors.ts) can import it without
+// duplication — a drift between client and server tables would silently
+// reintroduce the "address bar disagrees with toolbar" bug.
+//
+// Order matters: when skinVariants contains multiple *-toolbar tokens the
+// CSS cascade picks the rule defined last in pad-variants.css, so iterate in
+// source order and let the last matching token win.
+export const TOOLBAR_COLORS_IN_CSS_ORDER: ReadonlyArray<readonly [string, string]> = [
+  ['super-light-toolbar', '#ffffff'],
+  ['light-toolbar', '#f2f3f4'],
+  ['super-dark-toolbar', '#485365'],
+  ['dark-toolbar', '#576273'],
+];
+
+export const COLIBRIS_DEFAULT_TOOLBAR_COLOR = '#ffffff';
+
+// Resolve the toolbar color for a set of skin-variant tokens. Pure data: no
+// DOM, no Node APIs — safe to call from both server and client.
+export const toolbarColorForTokens = (tokens: Iterable<string>): string => {
+  const set = new Set(tokens);
+  let color = COLIBRIS_DEFAULT_TOOLBAR_COLOR;
+  for (const [variant, c] of TOOLBAR_COLORS_IN_CSS_ORDER) {
+    if (set.has(variant)) color = c;
+  }
+  return color;
+};
diff --git a/src/static/js/skin_variants.ts b/src/static/js/skin_variants.ts
index a10074384a8..99d6af3b6ec 100644
--- a/src/static/js/skin_variants.ts
+++ b/src/static/js/skin_variants.ts
@@ -1,9 +1,27 @@
 // @ts-nocheck
 'use strict';
 
+import {toolbarColorForTokens} from './skin_toolbar_colors';
+
 const containers = ['editor', 'background', 'toolbar'];
 const colors = ['super-light', 'light', 'dark', 'super-dark'];
 
+// Keep <meta name="theme-color"> in sync with the toolbar the user actually
+// sees. The server emits a baseline derived from settings.skinVariants, but
+// pad.ts may flip the toolbar to super-dark on first paint (enableDarkMode
+// + prefers-color-scheme:dark + no localStorage white-mode override) and
+// the user can toggle via #options-darkmode. Without this, dark-mode users
+// keep the light meta and see a white address bar above a dark toolbar
+// (issue #7606 follow-up). Color resolution lives in skin_toolbar_colors so
+// the server-rendered baseline and the client updates share one source of
+// truth — Qodo flagged the prior duplicated table as a drift hazard.
+const updateThemeColorMeta = (newClasses: string[]) => {
+  const meta = document.querySelector('meta[name="theme-color"]');
+  if (!meta) return;
+  meta.setAttribute('content',
+      toolbarColorForTokens(newClasses.join(' ').split(/\s+/).filter(Boolean)));
+};
+
 // add corresponding classes when config change
 const updateSkinVariantsClasses = (newClasses) => {
   const domsToUpdate = [
@@ -21,6 +39,8 @@ const updateSkinVariantsClasses = (newClasses) => {
   domsToUpdate.forEach((el) => { el.removeClass('full-width-editor'); });
 
   domsToUpdate.forEach((el) => { el.addClass(newClasses.join(' ')); });
+
+  updateThemeColorMeta(newClasses);
 };
 
 
diff --git a/src/templates/pad.html b/src/templates/pad.html
index ecac35ad607..5212b004606 100644
--- a/src/templates/pad.html
+++ b/src/templates/pad.html
@@ -127,11 +127,7 @@
       <!------------------------------------------------------------->
 
       <div id="settings" class="popup" role="dialog" aria-modal="true" aria-labelledby="settings-title"><div class="popup-content">
-          <% if (settings.enablePadWideSettings) { %>
           <h1 id="settings-title" data-l10n-id="pad.settings.title">Settings</h1>
-          <% } else { %>
-          <h1 id="settings-title" data-l10n-id="pad.settings.padSettings">Pad Settings</h1>
-          <% } %>
           <div class="settings-sections">
             <div id="user-settings-section" class="settings-section">
             <% e.begin_block("mySettings"); %>
diff --git a/src/tests/backend/specs/padOptionsLegacyDefaults.ts b/src/tests/backend/specs/padOptionsLegacyDefaults.ts
new file mode 100644
index 00000000000..73d0a08d588
--- /dev/null
+++ b/src/tests/backend/specs/padOptionsLegacyDefaults.ts
@@ -0,0 +1,98 @@
+'use strict';
+
+import {strict as assert} from 'assert';
+
+describe(__filename, function () {
+  // Replicates the shim block from Settings.ts::reloadSettings so we can
+  // assert the mapping without rebooting the whole server in this spec.
+  // Keep this in lockstep with the production block — if you change the
+  // shim there, change it here too.
+  const applyShim = (padOptions: any) => {
+    if (padOptions != null && typeof padOptions === 'object' && !Array.isArray(padOptions)) {
+      for (const key of ['userName', 'userColor']) {
+        if (padOptions[key] === false) padOptions[key] = null;
+      }
+    }
+    return padOptions;
+  };
+
+  describe('legacy padOptions.userName/userColor=false → null shim', function () {
+    it('coerces userName=false to null', function () {
+      const out = applyShim({userName: false});
+      assert.strictEqual(out.userName, null);
+    });
+
+    it('coerces userColor=false to null', function () {
+      const out = applyShim({userColor: false});
+      assert.strictEqual(out.userColor, null);
+    });
+
+    it('coerces both legacy defaults in one pass', function () {
+      const out = applyShim({userName: false, userColor: false});
+      assert.strictEqual(out.userName, null);
+      assert.strictEqual(out.userColor, null);
+    });
+
+    it('leaves an explicit string userName intact', function () {
+      const out = applyShim({userName: 'Etherpad User'});
+      assert.strictEqual(out.userName, 'Etherpad User');
+    });
+
+    it('leaves an explicit hex userColor intact', function () {
+      const out = applyShim({userColor: '#ff9900'});
+      assert.strictEqual(out.userColor, '#ff9900');
+    });
+
+    it('leaves null values untouched', function () {
+      const out = applyShim({userName: null, userColor: null});
+      assert.strictEqual(out.userName, null);
+      assert.strictEqual(out.userColor, null);
+    });
+
+    it('does not affect other padOptions keys that legitimately use false', function () {
+      // showChat:false, rtl:false, etc. are real, meaningful values — only
+      // the two string options carry the legacy boolean sentinel.
+      const out = applyShim({
+        userName: false,
+        userColor: false,
+        showChat: false,
+        rtl: false,
+        useMonospaceFont: false,
+      });
+      assert.strictEqual(out.userName, null);
+      assert.strictEqual(out.userColor, null);
+      assert.strictEqual(out.showChat, false);
+      assert.strictEqual(out.rtl, false);
+      assert.strictEqual(out.useMonospaceFont, false);
+    });
+
+    it('does not coerce the string "false" — that is handled in the client guard', function () {
+      // The server-side shim only normalizes the boolean sentinel from
+      // legacy settings.json. URL-supplied or stringified "false" is
+      // rejected by pad.ts::getParameters.userName/userColor callbacks.
+      const out = applyShim({userName: 'false', userColor: 'false'});
+      assert.strictEqual(out.userName, 'false');
+      assert.strictEqual(out.userColor, 'false');
+    });
+
+    it('skips the shim if padOptions is null', function () {
+      // storeSettings() overwrites settings.padOptions raw if settings.json
+      // declares it as a non-object — the shim must not throw on that.
+      assert.doesNotThrow(() => applyShim(null));
+      assert.strictEqual(applyShim(null), null);
+    });
+
+    it('skips the shim if padOptions is a primitive', function () {
+      assert.doesNotThrow(() => applyShim(false));
+      assert.doesNotThrow(() => applyShim('not an object'));
+      assert.doesNotThrow(() => applyShim(42));
+    });
+
+    it('skips the shim if padOptions is an array', function () {
+      const arr: any = [false, false];
+      assert.doesNotThrow(() => applyShim(arr));
+      // Arrays pass through untouched — index 0/1 (numeric) are not coerced.
+      assert.deepEqual(applyShim(arr), [false, false]);
+    });
+  });
+});
diff --git a/src/tests/backend/specs/settingsModalHeading.ts b/src/tests/backend/specs/settingsModalHeading.ts
new file mode 100644
index 00000000000..23aaa430689
--- /dev/null
+++ b/src/tests/backend/specs/settingsModalHeading.ts
@@ -0,0 +1,45 @@
+'use strict';
+
+import {MapArrayType} from '../../../node/types/MapType';
+import settings from '../../../node/utils/Settings';
+
+const assert = require('assert').strict;
+const common = require('../common');
+
+// Regression coverage for the settings modal title. With
+// `enablePadWideSettings: false` the template used to render
+// `data-l10n-id="pad.settings.padSettings"` ("Pad-wide Settings") for every
+// user, even though no pad-wide controls were rendered in that mode. The fix
+// removes the conditional and always uses `pad.settings.title` ("Settings").
+describe(__filename, function () {
+  this.timeout(30000);
+  let agent: any;
+  const backup: MapArrayType<any> = {};
+
+  before(async function () { agent = await common.init(); });
+
+  beforeEach(async function () {
+    backup.enablePadWideSettings = settings.enablePadWideSettings;
+  });
+
+  afterEach(async function () {
+    settings.enablePadWideSettings = backup.enablePadWideSettings;
+  });
+
+  const titleH1 = (html: string): string | null => {
+    const m = html.match(/<h1\s+id="settings-title"[^>]*data-l10n-id="([^"]+)"/);
+    return m ? m[1] : null;
+  };
+
+  it('uses pad.settings.title with the feature enabled', async function () {
+    settings.enablePadWideSettings = true;
+    const res = await agent.get('/p/headingTest').expect(200);
+    assert.equal(titleH1(res.text), 'pad.settings.title');
+  });
+
+  it('uses pad.settings.title with the feature disabled (no misleading "Pad-wide" label)', async function () {
+    settings.enablePadWideSettings = false;
+    const res = await agent.get('/p/headingTest').expect(200);
+    assert.equal(titleH1(res.text), 'pad.settings.title');
+  });
+});
diff --git a/src/tests/backend/specs/socialMeta-unit.ts b/src/tests/backend/specs/socialMeta-unit.ts
index da86a194fbe..63b39724eb4 100644
--- a/src/tests/backend/specs/socialMeta-unit.ts
+++ b/src/tests/backend/specs/socialMeta-unit.ts
@@ -168,6 +168,121 @@ describe(__filename, function () {
     });
   });
 
+  describe('renderSocialMeta — settings.socialMeta.description override', function () {
+    it('overrides i18n catalog regardless of negotiated language', function () {
+      // Crawler sends de, catalog has both en and de entries — operator
+      // override wins anyway. This is the crawler-no-Accept-Language case.
+      const html = renderSocialMeta({
+        req: fakeReq({acceptsLanguages: () => 'de'}),
+        settings: {
+          title: 'Etherpad', favicon: null,
+          socialMeta: {description: 'Operator-set blurb'},
+        },
+        availableLangs: {en: {}, de: {}},
+        locales: {
+          en: {'pad.social.description': 'En catalog'},
+          de: {'pad.social.description': 'De catalog'},
+        },
+        kind: 'pad', padName: 'P',
+      });
+      assert.equal(ogTag(html, 'og:description'), 'Operator-set blurb');
+      assert.equal(ogTag(html, 'twitter:description'), 'Operator-set blurb');
+    });
+
+    it('null override falls back to i18n catalog', function () {
+      const html = renderSocialMeta({
+        req: fakeReq({acceptsLanguages: () => 'de'}),
+        settings: {
+          title: 'Etherpad', favicon: null,
+          socialMeta: {description: null},
+        },
+        availableLangs: {en: {}, de: {}},
+        locales: {
+          en: {'pad.social.description': 'En'},
+          de: {'pad.social.description': 'De'},
+        },
+        kind: 'pad', padName: 'P',
+      });
+      assert.equal(ogTag(html, 'og:description'), 'De');
+    });
+
+    it('empty / whitespace override does NOT silence the description', function () {
+      // An accidental empty string in settings.json must not blank out the tag —
+      // we'd lose previews entirely. Treat it as unset.
+      for (const blank of ['', '   ', '\t\n']) {
+        const html = renderSocialMeta({
+          req: fakeReq({acceptsLanguages: () => 'en'}),
+          settings: {
+            title: 'Etherpad', favicon: null,
+            socialMeta: {description: blank},
+          },
+          availableLangs: {en: {}},
+          locales: {en: {'pad.social.description': 'Catalog wins'}},
+          kind: 'pad', padName: 'P',
+        });
+        assert.equal(ogTag(html, 'og:description'), 'Catalog wins',
+            `blank override (${JSON.stringify(blank)}) should fall back`);
+      }
+    });
+
+    it('HTML-escapes the override (it is operator-controlled but renders into HTML)', function () {
+      const html = renderSocialMeta({
+        req: fakeReq(),
+        settings: {
+          title: 'Etherpad', favicon: null,
+          socialMeta: {description: 'A & B "<C>"'},
+        },
+        availableLangs: {en: {}}, locales: enLocales,
+        kind: 'pad', padName: 'P',
+      });
+      assert.equal(ogTag(html, 'og:description'), 'A &amp; B &quot;&lt;C&gt;&quot;');
+    });
+
+    it('missing socialMeta block is treated as unset', function () {
+      // Older settings.json files won't have the socialMeta block at all.
+      const html = renderSocialMeta({
+        req: fakeReq({acceptsLanguages: () => 'en'}),
+        settings: {title: 'Etherpad', favicon: null},
+        availableLangs: {en: {}},
+        locales: {en: {'pad.social.description': 'Catalog'}},
+        kind: 'pad', padName: 'P',
+      });
+      assert.equal(ogTag(html, 'og:description'), 'Catalog');
+    });
+
+    it('numeric override is stringified (env-var coercion safety)', function () {
+      // Settings.ts coerceValue() turns numeric-looking env vars into numbers,
+      // so SOCIAL_META_DESCRIPTION="2026" arrives here as the number 2026.
+      // Without stringification the resolver would silently fall back to i18n.
+      const html = renderSocialMeta({
+        req: fakeReq(),
+        settings: {
+          title: 'Etherpad', favicon: null,
+          socialMeta: {description: 2026},
+        },
+        availableLangs: {en: {}}, locales: enLocales,
+        kind: 'pad', padName: 'P',
+      });
+      assert.equal(ogTag(html, 'og:description'), '2026');
+    });
+
+    it('boolean override is stringified (covers "true"/"false" env-var coercion)', function () {
+      // Less likely than the numeric case but possible: setting
+      // SOCIAL_META_DESCRIPTION="true" yields a boolean. Treat it like the
+      // operator wrote that literal string rather than silently dropping it.
+      const html = renderSocialMeta({
+        req: fakeReq(),
+        settings: {
+          title: 'Etherpad', favicon: null,
+          socialMeta: {description: true},
+        },
+        availableLangs: {en: {}}, locales: enLocales,
+        kind: 'pad', padName: 'P',
+      });
+      assert.equal(ogTag(html, 'og:description'), 'true');
+    });
+  });
+
   describe('renderSocialMeta — image URL', function () {
     it('builds absolute URL to /favicon.ico when settings.favicon is null', function () {
       const html = renderSocialMeta({
diff --git a/src/tests/backend/specs/socialMeta.ts b/src/tests/backend/specs/socialMeta.ts
index dbf24c04820..34596e87996 100644
--- a/src/tests/backend/specs/socialMeta.ts
+++ b/src/tests/backend/specs/socialMeta.ts
@@ -24,11 +24,15 @@ describe(__filename, function () {
   beforeEach(async function () {
     backup.title = settings.title;
     backup.favicon = settings.favicon;
+    backup.socialMeta = settings.socialMeta;
+    // Default shape — every test starts with no override.
+    settings.socialMeta = {description: null};
   });
 
   afterEach(async function () {
     settings.title = backup.title;
     settings.favicon = backup.favicon;
+    settings.socialMeta = backup.socialMeta;
   });
 
   describe('pad page', function () {
@@ -121,4 +125,45 @@ describe(__filename, function () {
       assert.equal(ogTag(res.text, 'og:title'), settings.title);
     });
   });
+
+  describe('settings.socialMeta.description override', function () {
+    it('overrides og:description and twitter:description', async function () {
+      settings.socialMeta = {description: 'Custom blurb for issue 7599'};
+      const res = await agent.get('/p/TestPad7599').expect(200);
+      assert.equal(ogTag(res.text, 'og:description'), 'Custom blurb for issue 7599');
+      assert.equal(ogTag(res.text, 'twitter:description'), 'Custom blurb for issue 7599');
+    });
+
+    it('override beats Accept-Language negotiation', async function () {
+      // Crawlers (WhatsApp/Signal/etc.) typically send no Accept-Language and
+      // would otherwise always hit the English fallback. Operator override
+      // wins regardless of the negotiated locale.
+      settings.socialMeta = {description: 'Operator wins'};
+      const res = await agent.get('/p/TestPad7599')
+          .set('Accept-Language', 'de').expect(200);
+      assert.equal(ogTag(res.text, 'og:description'), 'Operator wins');
+    });
+
+    it('blank override falls back to i18n catalog (does not silence preview)', async function () {
+      settings.socialMeta = {description: '   '};
+      const res = await agent.get('/p/TestPad7599')
+          .set('Accept-Language', 'en').expect(200);
+      const desc = ogTag(res.text, 'og:description');
+      assert.ok(desc && desc.length > 0,
+          'blank override should not blank out og:description');
+      assert.match(desc!, /collaborative/i);
+    });
+
+    it('HTML-escapes the override', async function () {
+      settings.socialMeta = {description: 'A & B <c> "d"'};
+      const res = await agent.get('/p/TestPad7599').expect(200);
+      // The HTML body contains the *escaped* form; the parsed attribute value
+      // (what ogTag returns) is the unescaped logical string the meta tag
+      // exposes — assert both: no raw <c> in the served HTML, and the logical
+      // value round-trips correctly.
+      assert.ok(!/content="[^"]*<c>/.test(res.text),
+          'raw "<c>" must not appear inside content="..."');
+      assert.equal(ogTag(res.text, 'og:description'), 'A &amp; B &lt;c&gt; &quot;d&quot;');
+    });
+  });
 });
diff --git a/src/tests/backend/specs/socketio.ts b/src/tests/backend/specs/socketio.ts
index fa7a7dd2723..43da20b15e2 100644
--- a/src/tests/backend/specs/socketio.ts
+++ b/src/tests/backend/specs/socketio.ts
@@ -34,7 +34,7 @@ describe(__filename, function () {
       plugins.hooks[hookName] = [];
     }
     backups.settings = {};
-    for (const setting of ['editOnly', 'requireAuthentication', 'requireAuthorization', 'users']) {
+    for (const setting of ['editOnly', 'requireAuthentication', 'requireAuthorization', 'users', 'enablePadWideSettings']) {
       // @ts-ignore
       backups.settings[setting] = settings[setting];
     }
@@ -432,6 +432,66 @@ describe(__filename, function () {
     });
   });
 
+  describe('Pad-wide settings creator gate', function () {
+    let socketA: any;
+    let socketB: any;
+
+    const removeIfExists = async (padId: string) => {
+      if (await padManager.doesPadExist(padId)) {
+        const p = await padManager.getPad(padId);
+        await p.remove();
+      }
+    };
+
+    beforeEach(async function () {
+      // @ts-ignore - test toggles a public setting
+      settings.enablePadWideSettings = true;
+      await removeIfExists('foo');
+    });
+
+    afterEach(async function () {
+      for (const s of [socketA, socketB]) if (s) s.close();
+      socketA = null;
+      socketB = null;
+      socket = null;
+      await removeIfExists('foo');
+    });
+
+    it('different browsers (separate cookie jars): only the creator gets canEditPadSettings', async function () {
+      const supertest = require('supertest');
+      const browserA = supertest(common.baseUrl);
+      const browserB = supertest(common.baseUrl);
+
+      const resA = await browserA.get('/p/foo').expect(200);
+      socketA = await common.connect(resA);
+      const cvA = await common.handshake(socketA, 'foo');
+      assert.equal(cvA.data.canEditPadSettings, true,
+          'first joiner (creator) should see Pad-wide Settings');
+
+      const resB = await browserB.get('/p/foo').expect(200);
+      socketB = await common.connect(resB);
+      const cvB = await common.handshake(socketB, 'foo');
+      assert.equal(cvB.data.canEditPadSettings, false,
+          'non-creator joiner must NOT see Pad-wide Settings');
+    });
+
+    it('same browser two tabs (shared cookie jar): BOTH get canEditPadSettings=true', async function () {
+      // Reusing the same response (and its set-cookie header) for both
+      // connects is the backend equivalent of two browser tabs sharing the
+      // same HttpOnly token cookie — same authorID, same creator.
+      const res = await agent.get('/p/foo').expect(200);
+
+      socketA = await common.connect(res);
+      const cvA = await common.handshake(socketA, 'foo');
+      assert.equal(cvA.data.canEditPadSettings, true);
+
+      socketB = await common.connect(res);
+      const cvB = await common.handshake(socketB, 'foo');
+      assert.equal(cvB.data.canEditPadSettings, true,
+          'same author across tabs is one identity, both are the creator');
+    });
+  });
+
   describe('SocketIORouter.js', function () {
     const Module = class {
       setSocketIO(io:any) {}
diff --git a/src/tests/frontend-new/specs/theme_color_dark_mode.spec.ts b/src/tests/frontend-new/specs/theme_color_dark_mode.spec.ts
new file mode 100644
index 00000000000..0393b913bde
--- /dev/null
+++ b/src/tests/frontend-new/specs/theme_color_dark_mode.spec.ts
@@ -0,0 +1,42 @@
+import {expect, test, Page} from '@playwright/test';
+import {goToNewPad} from '../helper/padHelper';
+
+const themeColor = (page: Page) =>
+  page.locator('meta[name="theme-color"]').getAttribute('content');
+
+test.describe('light color scheme', () => {
+  test.use({colorScheme: 'light'});
+
+  test('theme-color meta tracks the dark-mode toggle', async ({page}) => {
+    await goToNewPad(page);
+    // Server emits the light baseline derived from settings.skinVariants.
+    expect(await themeColor(page)).toBe('#ffffff');
+
+    await page.locator('button[data-l10n-id="pad.toolbar.settings.title"]').click();
+    await expect(page.locator('#theme-toggle-row')).toBeVisible();
+
+    // Colibris styles the native checkbox via a sibling label; click the label
+    // so the toggle fires the real change event the production code listens on.
+    await page.locator('label[for="options-darkmode"]').click();
+    // pad.ts forces super-dark-toolbar (#485365) regardless of the configured
+    // light skinVariants, so the meta must follow the client-applied class.
+    await expect.poll(() => themeColor(page)).toBe('#485365');
+
+    await page.locator('label[for="options-darkmode"]').click();
+    await expect.poll(() => themeColor(page)).toBe('#ffffff');
+  });
+});
+
+test.describe('dark color scheme', () => {
+  test.use({colorScheme: 'dark'});
+
+  test('theme-color meta follows the auto dark-mode switch on dark-OS clients',
+    async ({page}) => {
+      await goToNewPad(page);
+      // pad.ts auto-switches to super-dark-toolbar when enableDarkMode is on,
+      // matchMedia(prefers-color-scheme:dark) matches, and no localStorage
+      // white-mode override is set. The meta must follow the applied class —
+      // this is the case stffen reported on issue #7606.
+      await expect.poll(() => themeColor(page)).toBe('#485365');
+    });
+});