diff --git a/web/src/main/java/org/springframework/security/web/ObservationFilterChainDecorator.java b/web/src/main/java/org/springframework/security/web/ObservationFilterChainDecorator.java
index 083849f863..ed24f19f91 100644
--- a/web/src/main/java/org/springframework/security/web/ObservationFilterChainDecorator.java
+++ b/web/src/main/java/org/springframework/security/web/ObservationFilterChainDecorator.java
@@ -141,7 +141,7 @@ public final class ObservationFilterChainDecorator implements FilterChainProxy.F
 
 	static final class ObservationFilter implements Filter {
 
-		private static final Map<String, String> OBSERVATION_NAMES = new HashMap<>();
+		static final Map<String, String> OBSERVATION_NAMES = new HashMap<>();
 
 		static {
 			OBSERVATION_NAMES.put("DisableEncodeUrlFilter", "session.urlencoding");
diff --git a/web/src/test/java/org/springframework/security/web/ObservationFilterChainDecoratorTests.java b/web/src/test/java/org/springframework/security/web/ObservationFilterChainDecoratorTests.java
index c0086ec19b..e95a1bb3eb 100644
--- a/web/src/test/java/org/springframework/security/web/ObservationFilterChainDecoratorTests.java
+++ b/web/src/test/java/org/springframework/security/web/ObservationFilterChainDecoratorTests.java
@@ -150,6 +150,13 @@ public class ObservationFilterChainDecoratorTests {
 			.isEqualTo(expectedFilterNameTag);
 	}
 
+	// gh-13660
+	@Test
+	void observationNamesDoNotContainDashes() {
+		ObservationFilterChainDecorator.ObservationFilter.OBSERVATION_NAMES.values()
+			.forEach((name) -> assertThat(name).doesNotContain("-"));
+	}
+
 	static Stream<Arguments> decorateFiltersWhenCompletesThenHasSpringSecurityReachedFilterNameTag() {
 		Filter filterWithName = new BasicAuthenticationFilter();