diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
index b506427d25..8707948579 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
@@ -823,7 +823,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 * replaced with "#". For example:
 		 *
 		 * <pre>
-		 * X-XSS-Protection: 1 ; mode=block
+		 * X-XSS-Protection: 1; mode=block
 		 * </pre>
 		 * @param headerValue the new header value
 		 * @since 5.8
diff --git a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
index 49ecf41672..50dbe184b2 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
@@ -320,7 +320,7 @@ public class HeaderSpecTests {
 
 	@Test
 	public void headersWhenXssProtectionValueEnabledModeBlockThenXssProtectionWritten() {
-		this.expectedHeaders.set(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, "1 ; mode=block");
+		this.expectedHeaders.set(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, "1; mode=block");
 		// @formatter:off
 		this.http.headers()
 				.xssProtection()
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java
index 2ead176903..a4b11ca0d9 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java
@@ -74,7 +74,7 @@ public final class XXssProtectionHeaderWriter implements HeaderWriter {
 	 * specify mode as blocked. The content will be replaced with "#". For example:
 	 *
 	 * <pre>
-	 * X-XSS-Protection: 1 ; mode=block
+	 * X-XSS-Protection: 1; mode=block
 	 * </pre>
 	 * @param headerValue the new header value
 	 * @throws IllegalArgumentException when headerValue is null
@@ -86,7 +86,7 @@ public final class XXssProtectionHeaderWriter implements HeaderWriter {
 	}
 
 	/**
-	 * The value of the x-xss-protection header. One of: "0", "1", "1 ; mode=block"
+	 * The value of the x-xss-protection header. One of: "0", "1", "1; mode=block"
 	 *
 	 * @author Daniel Garnier-Moiroux
 	 * @since 5.8
diff --git a/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
index 6c2a4afd7d..0bd0811c55 100644
--- a/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
@@ -73,7 +73,7 @@ public class XXssProtectionServerHttpHeadersWriter implements ServerHttpHeadersW
 	 * specify mode as blocked. The content will be replaced with "#". For example:
 	 *
 	 * <pre>
-	 * X-XSS-Protection: 1 ; mode=block
+	 * X-XSS-Protection: 1; mode=block
 	 * </pre>
 	 * @param headerValue the new headerValue
 	 * @throws IllegalArgumentException if headerValue is null
@@ -86,14 +86,14 @@ public class XXssProtectionServerHttpHeadersWriter implements ServerHttpHeadersW
 	}
 
 	/**
-	 * The value of the x-xss-protection header. One of: "0", "1", "1 ; mode=block"
+	 * The value of the x-xss-protection header. One of: "0", "1", "1; mode=block"
 	 *
 	 * @author Daniel Garnier-Moiroux
 	 * @since 5.8
 	 */
 	public enum HeaderValue {
 
-		DISABLED("0"), ENABLED("1"), ENABLED_MODE_BLOCK("1 ; mode=block");
+		DISABLED("0"), ENABLED("1"), ENABLED_MODE_BLOCK("1; mode=block");
 
 		private final String value;
 
diff --git a/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
index 6037fb6296..1b3d882656 100644
--- a/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
@@ -82,7 +82,7 @@ public class XXssProtectionServerHttpHeadersWriterTests {
 		this.writer.writeHttpHeaders(this.exchange);
 		assertThat(this.headers).hasSize(1);
 		assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION))
-			.containsOnly("1 ; mode=block");
+			.containsOnly("1; mode=block");
 	}
 
 }