From: Evan Prodromou Date: Fri, 5 Aug 2011 14:42:18 +0000 (-0400) Subject: Properly structure X-XSS-Protection header X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=0502e1d737af1586a7a280be005e55d85c71175a;p=quix0rs-gnu-social.git Properly structure X-XSS-Protection header --- diff --git a/lib/htmloutputter.php b/lib/htmloutputter.php index e358b2be5d..9a43ef069e 100644 --- a/lib/htmloutputter.php +++ b/lib/htmloutputter.php @@ -111,7 +111,7 @@ class HTMLOutputter extends XMLOutputter // Output anti-framing headers to prevent clickjacking (respected by newer // browsers). if (common_config('javascript', 'bustframes')) { - header('X-XSS-Protection 1; mode=block'); // detect XSS Reflection attacks + header('X-XSS-Protection: 1; mode=block'); // detect XSS Reflection attacks header('X-Frame-Options: SAMEORIGIN'); // no rendering if origin mismatch }