diff --git a/cmd/collector/app/handler/http_handler.go b/cmd/collector/app/handler/http_handler.go
index bdff7cbbf4a..0124a29172b 100644
--- a/cmd/collector/app/handler/http_handler.go
+++ b/cmd/collector/app/handler/http_handler.go
@@ -17,6 +17,7 @@ package handler
 import (
 "fmt"
+ "html"
 "io/ioutil"
 "mime"
 "net/http"
@@ -76,7 +77,7 @@ func (aH *APIHandler) SaveSpan(w http.ResponseWriter, r *http.Request) {
 }
 if _, ok := acceptedThriftFormats[contentType]; !ok {
- http.Error(w, fmt.Sprintf("Unsupported content type: %v", contentType), http.StatusBadRequest)
+ http.Error(w, fmt.Sprintf("Unsupported content type: %v", html.EscapeString(contentType)), http.StatusBadRequest)
 return
 }
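Review bot: The escaped `http.Error` call in the second hunk has no comment explaining why a value sent as plain text is HTML-escaped, so it reads as redundant and is easy to revert. `http.Error` already sets `Content-Type: text/plain; charset=utf-8` and `X-Content-Type-Options: nosniff`, which makes the escape defence in depth for clients or intermediaries that ignore those headers. Assuming `contentType` is derived from the request header (its assignment is outside the hunk), I would add `// contentType is client-controlled; escape it before echoing it in the error body.` above the call. One visible side effect is that well-behaved clients will now see literal entities such as `&lt;` in the message. SaveSpan starts and ends outside the hunk, so any other `http.Error` calls there that echo request-derived values cannot be checked from here and may need the same treatment.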