From 0502e1d737af1586a7a280be005e55d85c71175a Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@status.net>
Date: Fri, 5 Aug 2011 10:42:18 -0400
Subject: [PATCH] Properly structure X-XSS-Protection header

---
 lib/htmloutputter.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/htmloutputter.php b/lib/htmloutputter.php
index e358b2be5d..9a43ef069e 100644
--- a/lib/htmloutputter.php
+++ b/lib/htmloutputter.php
@@ -111,7 +111,7 @@ class HTMLOutputter extends XMLOutputter
 	// Output anti-framing headers to prevent clickjacking (respected by newer
         // browsers).
 	if (common_config('javascript', 'bustframes')) {
-            header('X-XSS-Protection 1; mode=block'); // detect XSS Reflection attacks
+            header('X-XSS-Protection: 1; mode=block'); // detect XSS Reflection attacks
             header('X-Frame-Options: SAMEORIGIN'); // no rendering if origin mismatch
         }