diff --git a/packages/builder/src/builderStore/api.js b/packages/builder/src/builderStore/api.js
index c132b01fc0..3fcd35ce28 100644
--- a/packages/builder/src/builderStore/api.js
+++ b/packages/builder/src/builderStore/api.js
@@ -3,7 +3,7 @@ const apiCall = method => async (url, body) => {
 method: method,
 headers: {
 "Content-Type": "application/json",
- "User-Agent": "Budibase Builder",
+ "x-user-agent": "Budibase Builder",
 },
 body: body && JSON.stringify(body),
 })
diff --git a/packages/server/src/middleware/authenticated.js b/packages/server/src/middleware/authenticated.js
index 4ce99f7d3a..d0ce1e2f30 100644
--- a/packages/server/src/middleware/authenticated.js
+++ b/packages/server/src/middleware/authenticated.js
@@ -15,19 +15,16 @@ module.exports = async (ctx, next) => {
 const appToken = ctx.cookies.get("budibase:token")
 const builderToken = ctx.cookies.get("builder:token")
- const isBuilderAgent = ctx.headers["user-agent"] === "Budibase Builder"
+ const isBuilderAgent = ctx.headers["x-user-agent"] === "Budibase Builder"
 // all admin api access should auth with buildertoken and 'Budibase Builder user agent
 const shouldAuthAsBuilder = isBuilderAgent && builderToken
 if (shouldAuthAsBuilder) {
- if (builderToken === env.ADMIN_SECRET) {
- ctx.isAuthenticated = true
- ctx.isBuilder = true
- } else {
- ctx.isAuthenticated = false
- ctx.isBuilder = false
- }
+ const builderTokenValid = builderToken === env.ADMIN_SECRET
+
+ ctx.isAuthenticated = builderTokenValid
+ ctx.isBuilder = builderTokenValid
 await next()
 return
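Review bot: The new `"x-user-agent"` entry in the `headers` object has no comment tying it to the server-side check, and the header name and its value are now string literals duplicated across two packages. A one-line comment above it would prevent silent drift, for example `// custom header; must match the literal check in packages/server/src/middleware/authenticated.js`. Because any client can send this header, it only selects the builder auth path and is not a credential; the comment should say so. The body of `apiCall` starts and ends outside this hunk.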
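Review bot: The refactored check `builderToken === env.ADMIN_SECRET` still compares the admin secret with a short-circuiting string equality, so response timing can leak how much of a guessed cookie value matches. A constant-time comparison fits here, with an explicit guard so that an unset or empty `ADMIN_SECRET` can never validate; the fence below sketches it and needs `crypto` required at the top of the file, which is outside the hunk. The context comment above `shouldAuthAsBuilder` is also stale: it has an unbalanced quote and still says "user agent" while the code now reads `x-user-agent`. The middleware body begins before and continues after this hunk, so whether an invalid builder token is rejected after `await next()` cannot be confirmed from here.

```javascript
  if (shouldAuthAsBuilder) {
    const secret = env.ADMIN_SECRET
    // hash both sides so timingSafeEqual always receives equal-length buffers
    const digest = value => crypto.createHash("sha256").update(value).digest()
    const builderTokenValid =
      typeof secret === "string" &&
      secret.length > 0 &&
      crypto.timingSafeEqual(digest(builderToken), digest(secret))

    // … unchanged: ctx.isAuthenticated / ctx.isBuilder assignment, await next(), return …
```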