From ed613194ac7423c4a307ef1efbe54fbfd8165f10 Mon Sep 17 00:00:00 2001
From: Yann Verry <yverry@users.noreply.github.com>
Date: Mon, 17 Jun 2019 23:46:35 +0200
Subject: [PATCH] HTTPServer: Fix X-XSS-Protection header formatting (#17620)

Fixes #17619
---
 pkg/middleware/middleware.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/pkg/middleware/middleware.go b/pkg/middleware/middleware.go
index f180a355d1e..bec6df6c7b3 100644
--- a/pkg/middleware/middleware.go
+++ b/pkg/middleware/middleware.go
@@ -270,8 +270,7 @@ func AddSecurityHeaders(w macaron.ResponseWriter) {
 	}
 
 	if setting.XSSProtectionHeader {
-		w.Header().Add("X-XSS-Protection", "1")
-		w.Header().Add("X-XSS-Protection", "mode=block")
+		w.Header().Add("X-XSS-Protection", "1; mode=block")
 	}
 }