From dd0db526d9168081f21f332f6fd9b810f30558fb Mon Sep 17 00:00:00 2001
From: Arjun Mishra <arjunsaxmishra@gmail.com>
Date: Wed, 30 May 2018 02:29:27 -0700
Subject: [PATCH] Remove quotes for XSS Protection Header (#5992)

---
 cmd/generic-handlers.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/generic-handlers.go b/cmd/generic-handlers.go
index 37715bf5c..473e41d9f 100644
--- a/cmd/generic-handlers.go
+++ b/cmd/generic-handlers.go
@@ -661,7 +661,7 @@ func addSecurityHeaders(h http.Handler) http.Handler {
 
 func (s securityHeaderHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	header := w.Header()
-	header.Set("X-XSS-Protection", "\"1; mode=block\"")              // Prevents against XSS attacks
+	header.Set("X-XSS-Protection", "1; mode=block")                  // Prevents against XSS attacks
 	header.Set("Content-Security-Policy", "block-all-mixed-content") // prevent mixed (HTTP / HTTPS content)
 	s.handler.ServeHTTP(w, r)
 }