diff -r e49660ba3161 -r 3d01ab6b1186 mod_http_upload_external/README.markdown
--- a/mod_http_upload_external/README.markdown	Sun Oct 21 14:54:19 2018 +0100
+++ b/mod_http_upload_external/README.markdown	Sun Oct 21 15:09:29 2018 +0100
@@ -195,7 +195,7 @@
 Some browsers may also benefit from explicitly telling them not to try guessing the type of a file:
 
 ```
-X-Content-Type-Options "nosniff"
+X-Content-Type-Options: nosniff
 ```
 
 #### Security headers
@@ -204,7 +204,7 @@
 content is not understood or trusted by the upload service:
 
 ```
-Content-Security-Policy: "default-src 'none'"
-X-Content-Security-Policy: "default-src 'none'"
-X-WebKit-CSP: "default-src 'none'"
+Content-Security-Policy: default-src 'none'
+X-Content-Security-Policy: default-src 'none'
+X-WebKit-CSP: default-src 'none'
 ```