diff --git a/internal/httpd/server.go b/internal/httpd/server.go
index a4b276fe..840168ed 100644
--- a/internal/httpd/server.go
+++ b/internal/httpd/server.go
@@ -1809,8 +1809,8 @@ func (s *httpdServer) setupWebAdminRoutes() {
 				router.With(s.checkPerm(dataprovider.PermAdminManageSystem)).Post(webTemplateFolder, s.handleWebTemplateFolderPost)
 				router.With(s.checkPerm(dataprovider.PermAdminViewDefender)).Get(webDefenderPath, s.handleWebDefenderPage)
 				router.With(s.checkPerm(dataprovider.PermAdminViewDefender)).Get(webDefenderHostsPath, getDefenderHosts)
-				router.With(s.checkPerm(dataprovider.PermAdminManageDefender)).Delete(webDefenderHostsPath+"/{id}",
-					deleteDefenderHostByID)
+				router.With(s.checkPerm(dataprovider.PermAdminManageDefender), s.verifyCSRFHeader).
+					Delete(webDefenderHostsPath+"/{id}", deleteDefenderHostByID)
 				router.With(s.checkPerm(dataprovider.PermAdminManageEventRules), compressor.Handler, s.refreshCookie).
 					Get(webAdminEventActionsPath+jsonAPISuffix, getAllActions)
 				router.With(s.checkPerm(dataprovider.PermAdminManageEventRules), s.refreshCookie).