diff --git a/docs/config-schema.yaml b/docs/config-schema.yaml
index 1517a6d8221..9b2d239230d 100644
--- a/docs/config-schema.yaml
+++ b/docs/config-schema.yaml
@@ -5706,7 +5706,7 @@ config-schema:
             The X-Frame-Options header to send on pages sensitive to clickjacking
             attacks, such as edit pages. This prevents those pages from being displayed
             in a frame or iframe. The options are:
-            - 'DENY': Do not allow framing. This is recommended for most wikis.
+              - 'DENY': Do not allow framing. This is recommended for most wikis.
               - 'SAMEORIGIN': Allow framing by pages on the same domain. This can be used
                     to allow framing within a trusted domain. This is insecure if there
                     is a page on the same domain which allows framing of arbitrary URLs.
diff --git a/includes/MainConfigSchema.php b/includes/MainConfigSchema.php
index 9df619f9e72..0c45119a584 100644
--- a/includes/MainConfigSchema.php
+++ b/includes/MainConfigSchema.php
@@ -9130,7 +9130,7 @@ class MainConfigSchema {
 	 * attacks, such as edit pages. This prevents those pages from being displayed
 	 * in a frame or iframe. The options are:
 	 *
-	 * - 'DENY': Do not allow framing. This is recommended for most wikis.
+	 *   - 'DENY': Do not allow framing. This is recommended for most wikis.
 	 *
 	 *   - 'SAMEORIGIN': Allow framing by pages on the same domain. This can be used
 	 *         to allow framing within a trusted domain. This is insecure if there