diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php b/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
index 76bb66ed6..a4e4dca49 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
@@ -175,9 +175,8 @@ class ApiControllerBase extends ControllerRoot
 }
 // check for valid csrf on post requests
- $csrf_tokenkey = $this->request->getHeader('X_CSRFTOKENKEY');
- $csrf_token = $this->request->getHeader('X_CSRFTOKEN');
- $csrf_valid = $this->security->checkToken($csrf_tokenkey, $csrf_token, false);
+ $csrf_token = $this->request->getHeader('X_CSRFTOKEN');
+ $csrf_valid = $this->security->checkToken(null, $csrf_token, false);
 if (($this->request->isPost() ||
 $this->request->isPut() ||
diff --git a/src/opnsense/mvc/app/views/layouts/default.volt b/src/opnsense/mvc/app/views/layouts/default.volt
index e10d7113f..f69d97bc9 100644
--- a/src/opnsense/mvc/app/views/layouts/default.volt
+++ b/src/opnsense/mvc/app/views/layouts/default.volt
@@ -51,7 +51,6 @@
 $.ajaxSetup({
 'beforeSend': function(xhr) {
 xhr.setRequestHeader("X-CSRFToken", "{{ csrf_token }}" );
- xhr.setRequestHeader("X-CSRFTokenKey", "{{ csrf_tokenKey }}" );
 }
 });
 // propagate ajax error messages
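Review bot: In the ApiControllerBase.php hunk, the bare `null` passed as the first argument of `checkToken` carries the security-relevant decision of this change without saying so: the token key is no longer accepted from the client and, as far as Phalcon's `Security::checkToken` behaves, is presumably resolved from the session instead. I would add a comment above the call, for example `// token key is resolved server-side (null); only the token value is accepted from the client`, so a later reader does not "restore" the header. The existing comment says "post requests" while the condition right below also covers PUT, so it could be widened to "state-changing requests". The third argument stays `false`, which appears to keep the token valid after a successful check; that looks intentional for repeated AJAX calls but deserves a word in the same comment. The enclosing method starts and ends outside the hunk, so how `$csrf_valid` is finally enforced is not visible here.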