diff --git a/WebGoat/Content/HeaderInjection.aspx.cs b/WebGoat/Content/HeaderInjection.aspx.cs
index 47b665ea..d4562ed8 100644
--- a/WebGoat/Content/HeaderInjection.aspx.cs
+++ b/WebGoat/Content/HeaderInjection.aspx.cs
@@ -30,7 +30,7 @@ protected void Page_Load(object sender, EventArgs e)
 //Headers
- lblHeaders.Text = Request.Headers.ToString().Replace("&", "
");
+ lblHeaders.Text = System.Web.HttpUtility.HtmlEncode(Request.Headers.ToString()).Replace("&", "
");
 //Cookies
 ArrayList colCookies = new ArrayList();
@@ -44,4 +44,4 @@ protected void Page_Load(object sender, EventArgs e)
 }
 }
-}
\ No newline at end of file
+}
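Review bot: On the added `lblHeaders.Text` line, `Replace("&", …)` now runs on text that is already HTML-encoded, so it no longer matches only the header separators. Every `&` that `HtmlEncode` emits (`&amp;`, `&lt;`, `&quot;`) is cut, and the label will show stray `amp;` or `lt;` fragments after each break. The encoding still neutralises markup in header values, but the output is garbled; matching the encoded separator keeps both properties, e.g. `.Replace("&amp;", "<br />")`, assuming the replacement literal (which did not survive on this page) is a line-break tag. `Page_Load` continues outside the hunk, and the cookie listing that starts right after this line is not visible here; if it also writes request data into the page, it would need the same encoding.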