Commit 0502e1d7 authored by Evan Prodromou

Properly structure X-XSS-Protection header

parent e274ec49
......@@ -111,7 +111,7 @@ class HTMLOutputter extends XMLOutputter
// Output anti-framing headers to prevent clickjacking (respected by newer
// browsers).
if (common_config('javascript', 'bustframes')) {
header('X-XSS-Protection 1; mode=block'); // detect XSS Reflection attacks
header('X-XSS-Protection: 1; mode=block'); // detect XSS Reflection attacks
header('X-Frame-Options: SAMEORIGIN'); // no rendering if origin mismatch
}
......
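Review bot: The corrected `X-XSS-Protection` header still sits inside the `if (common_config('javascript', 'bustframes'))` block, whose comment describes only anti-framing headers, so a site that turns `bustframes` off also stops sending the XSS header. Consider moving that `header()` call outside the conditional, or behind its own setting. If the coupling is intended, update the comment above the `if` to say the block also emits the XSS filter header. The colon fix itself matches the form of the `X-Frame-Options: SAMEORIGIN` line next to it.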