Capitalized SecurityMiddleware headers for consistency with other headers.

(No behavior change since HTTP headers are case insensitive.)

1 files changed, 4 insertions, 4 deletions

diff --git a/django/middleware/security.py b/django/middleware/security.py
index 296567432f..dfca3b64de 100644
--- a/django/middleware/security.py
+++ b/django/middleware/security.py
@@ -29,18 +29,18 @@ class SecurityMiddleware(MiddlewareMixin):
 
     def process_response(self, request, response):
         if (self.sts_seconds and request.is_secure() and
-                'strict-transport-security' not in response):
+                'Strict-Transport-Security' not in response):
             sts_header = "max-age=%s" % self.sts_seconds
             if self.sts_include_subdomains:
                 sts_header = sts_header + "; includeSubDomains"
             if self.sts_preload:
                 sts_header = sts_header + "; preload"
-            response["strict-transport-security"] = sts_header
+            response['Strict-Transport-Security'] = sts_header
 
         if self.content_type_nosniff:
-            response.setdefault('x-content-type-options', 'nosniff')
+            response.setdefault('X-Content-Type-Options', 'nosniff')
 
         if self.xss_filter:
-            response.setdefault('x-xss-protection', '1; mode=block')
+            response.setdefault('X-XSS-Protection', '1; mode=block')
 
         return response