diff --git a/packages/server/src/internals/server/graphql-middleware.ts b/packages/server/src/internals/server/graphql-middleware.ts
index b36ec4f52..e4b766659 100644
--- a/packages/server/src/internals/server/graphql-middleware.ts
+++ b/packages/server/src/internals/server/graphql-middleware.ts
@@ -27,6 +27,14 @@ const SessionDecoder = t.type({
 identity: IdentityDecoder,
 })
 
+const BodyWithSerloEditorTestingHeader = t.type({
+ context: t.type({
+ headers: t.type({
+ 'X-SERLO-EDITOR-TESTING': t.string,
+ }),
+ }),
+})
+
 export async function applyGraphQLMiddleware({
 app,
 cache,
@@ -60,8 +68,9 @@ export async function applyGraphQLMiddleware({
 expressMiddleware(server, {
 async context({ req }): Promise {
 const isSerloEditorTesting =
- req.headers['X-SERLO-EDITOR-TESTING'] ===
- process.env.SERVER_SERLO_EDITOR_TESTING_SECRET
+ BodyWithSerloEditorTestingHeader.is(req.body) &&
+ req.body.context.headers['X-SERLO-EDITOR-TESTING'] ===
+ process.env.SERVER_SERLO_EDITOR_TESTING_SECRET
 const googleStorage = new Storage()
 const database = new Database(pool)
 const dataSources = {
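Review bot: `BodyWithSerloEditorTestingHeader` has no comment saying that the `X-SERLO-EDITOR-TESTING` value is decoded from the JSON request body (`context.headers`) and not from the HTTP headers, which is what the name suggests. I would add above the decoder `// Matches a request body that carries the editor-testing secret under context.headers; this is client-supplied JSON, not an HTTP header.` so the next reader does not assume the transport layer has already normalised or filtered it.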
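Review bot: The new condition in `context` still evaluates to true when `SERVER_SERLO_EDITOR_TESTING_SECRET` is set to an empty string, because a body with `'X-SERLO-EDITOR-TESTING': ''` satisfies `t.string` and compares equal. Read the secret once with `const testingSecret = process.env.SERVER_SERLO_EDITOR_TESTING_SECRET` and make `!!testingSecret &&` the first operand, so an unset or empty secret can never enable testing mode. The check is also a plain `===` on a secret; if `isSerloEditorTesting` gates anything sensitive (its use is outside the hunk), a constant-time comparison such as `timingSafeEqual` from `node:crypto` over equal-length digests would be the safer form. Because the secret now travels in the request body, confirm that request-body or GraphQL operation logging does not record it. The `context` function continues past the end of the hunk.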