diff --git a/xfer/publisher.go b/xfer/publisher.go
index 5c5bd90e2..6b457b314 100644
--- a/xfer/publisher.go
+++ b/xfer/publisher.go
@@ -52,7 +52,7 @@ func (p HTTPPublisher) Publish(rpt report.Report) error {
 	if err != nil {
 		return err
 	}
-	req.Header.Set("Authorization", p.token)
+	req.Header.Set("Authorization", AuthorizationHeader(p.token))
 	resp, err := http.DefaultClient.Do(req)
 	if err != nil {
 		return err
@@ -64,6 +64,12 @@ func (p HTTPPublisher) Publish(rpt report.Report) error {
 	return nil
 }
 
+// AuthorizationHeader returns a value suitable for an HTTP Authorization
+// header, based on the passed token string.
+func AuthorizationHeader(token string) string {
+	return fmt.Sprintf("Scope-Probe token=%s", token)
+}
+
 // MultiPublisher implements Publisher over a set of publishers.
 type MultiPublisher struct {
 	mtx     sync.RWMutex
diff --git a/xfer/publisher_test.go b/xfer/publisher_test.go
index c856e1a4e..2618bf34a 100644
--- a/xfer/publisher_test.go
+++ b/xfer/publisher_test.go
@@ -19,7 +19,7 @@ func TestHTTPPublisher(t *testing.T) {
 	)
 
 	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if want, have := token, r.Header.Get("Authorization"); want != have {
+		if want, have := xfer.AuthorizationHeader(token), r.Header.Get("Authorization"); want != have {
 			t.Errorf("want %q, have %q", want, have)
 		}
 		var have report.Report