diff --git a/index.php b/index.php
index c6aa77d..732eaee 100644
--- a/index.php
+++ b/index.php
@@ -26,27 +26,19 @@ Router\before(function($action) {
         Response\redirect('?action=login');
     }
 
-    $language = 'en_US';
-
-    if (isset($_SESSION['user']['language'])) {
-
-        $language = $_SESSION['user']['language'];
-    }
-    else if (isset($_COOKIE['language'])) {
-
-        $language = $_COOKIE['language'];
-    }
-
-    if ($language !== 'en_US') {
-
-        PicoTools\Translator\load($language);
-    }
-
-    setcookie('language', $language, time()+365*24*3600, dirname($_SERVER['PHP_SELF']));
+    // Load translations
+    $language = Model\get_config_value('language') ?: 'en_US';
+    if ($language !== 'en_US') PicoTools\Translator\load($language);
 
+    // HTTP secure headers
     Response\csp(array(
         'img-src' => '*',
-        'frame-src' => 'http://www.youtube.com https://www.youtube.com http://player.vimeo.com https://player.vimeo.com'
+        'frame-src' => implode(' ', array(
+            'http://www.youtube.com',
+            'https://www.youtube.com',
+            'http://player.vimeo.com',
+            'https://player.vimeo.com',
+        ))
     ));
 
     Response\xframe();
diff --git a/model.php b/model.php
index c3ee14a..9ed09ad 100644
--- a/model.php
+++ b/model.php
@@ -624,6 +624,7 @@ function validate_config_update(array $values)
 
 function save_config(array $values)
 {
+    // Update the password if needed
     if (! empty($values['password'])) {
 
         $values['password'] = \password_hash($values['password'], PASSWORD_BCRYPT);
@@ -638,9 +639,7 @@ function save_config(array $values)
     // Reload configuration in session
     $_SESSION['config'] = $values;
 
-    $_SESSION['user']['language'] = $values['language'];
-    unset($_COOKIE['language']);
-
+    // Reload translations for flash session message
     \PicoTools\Translator\load($values['language']);
 
     // If the user does not want content of feeds, remove it in previous ones