diff --git a/server/middleware/http.go b/server/middleware/http.go
index 352b0e1c..52d363e2 100644
--- a/server/middleware/http.go
+++ b/server/middleware/http.go
@@ -16,17 +16,6 @@ func ApiHeaders(fn func(App, http.ResponseWriter, *http.Request)) func(ctx App,
 	}
 }
 
-func SecureAjax(fn func(App, http.ResponseWriter, *http.Request)) func(ctx App, res http.ResponseWriter, req *http.Request) {
-	return func(ctx App, res http.ResponseWriter, req *http.Request) {
-		if req.Header.Get("X-Requested-With") != "XmlHttpRequest" {
-			Log.Warning("Intrusion detection: %s - %s", req.RemoteAddr, req.URL.String())
-			SendErrorResult(res, ErrNotAllowed)
-			return
-		}
-		fn(ctx, res, req)
-	}
-}
-
 func StaticHeaders(fn func(App, http.ResponseWriter, *http.Request)) func(ctx App, res http.ResponseWriter, req *http.Request) {
 	return func(ctx App, res http.ResponseWriter, req *http.Request) {
 		header := res.Header()
@@ -81,3 +70,14 @@ func SecureHeaders(fn func(App, http.ResponseWriter, *http.Request)) func(ctx Ap
 		fn(ctx, res, req)
 	}
 }
+
+func SecureAjax(fn func(App, http.ResponseWriter, *http.Request)) func(ctx App, res http.ResponseWriter, req *http.Request) {
+	return func(ctx App, res http.ResponseWriter, req *http.Request) {
+		if req.Header.Get("X-Requested-With") != "XmlHttpRequest" {
+			Log.Warning("Intrusion detection: %s - %s", req.RemoteAddr, req.URL.String())
+			SendErrorResult(res, ErrNotAllowed)
+			return
+		}
+		fn(ctx, res, req)
+	}
+}