diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
index 06078792a2..3ba0e66685 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
@@ -30,7 +30,7 @@ abstract class AbstractRequestParameterAllowFromStrategy implements AllowFromStr
             log.debug("Supplied origin '"+allowFromOrigin+"'");
         }
         if (StringUtils.hasText(allowFromOrigin) && allowed(allowFromOrigin)) {
-            return "ALLOW-FROM " + allowFromOrigin;
+            return allowFromOrigin;
         } else {
             return "DENY";
         }