diff --git a/plume-models/src/headers.rs b/plume-models/src/headers.rs
index d94b86a5..a3b046bd 100644
--- a/plume-models/src/headers.rs
+++ b/plume-models/src/headers.rs
@@ -1,5 +1,5 @@
 use rocket::request::{self, FromRequest, Request};
-use rocket::{http::HeaderMap, Outcome};
+use rocket::{http::{Header, HeaderMap}, Outcome};
 pub struct Headers<'r>(pub HeaderMap<'r>);
@@ -12,6 +12,16 @@ impl<'a, 'r> FromRequest<'a, 'r> for Headers<'r> {
         for header in request.headers().clone().into_iter() {
             headers.add(header);
         }
+        let ori = request.uri();
+        let uri = if let Some(query) = ori.query() {
+            format!("{}?{}", ori.path(), query)
+        } else {
+            ori.path().to_owned()
+        };
+        headers.add(Header::new("(request-target)",
+                                format!("{} {}",
+                                        request.method().as_str().to_lowercase(),
+                                        uri.to_lowercase())));
         Outcome::Success(Headers(headers))
     }
 }
diff --git a/src/routes/instance.rs b/src/routes/instance.rs
index 901bf713..d1e45cfa 100644
--- a/src/routes/instance.rs
+++ b/src/routes/instance.rs
@@ -200,8 +200,9 @@ fn shared_inbox(conn: DbConn, data: String, headers: Headers) -> String {
             .unwrap_or_else(|| activity["actor"]["id"].as_str().expect("No actor ID for incoming activity, blocks by panicking"));
         let actor = User::from_url(&conn, actor_id.to_owned()).unwrap();
-        if !verify_http_headers(&actor, headers.0, data).is_secure() &&
+        if !verify_http_headers(&actor, headers.0.clone(), data).is_secure() &&
             !act.clone().verify(&actor) {
+            println!("Rejected invalid activity supposedly from {}, with headers {:?}", actor.username, headers.0);
             return "invalid signature".to_owned();
         }
diff --git a/src/routes/user.rs b/src/routes/user.rs
index 8d655f3b..90c8986f 100644
--- a/src/routes/user.rs
+++ b/src/routes/user.rs
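Review bot: `uri.to_lowercase()` on the last added line of the `from_request` hunk changes the signed string for any path or query containing upper-case characters, so correctly signed requests from remote servers will fail to verify against it; the HTTP Signatures draft lowercases only the method, and the path and query are used verbatim. Rocket's `HeaderMap::add` appends rather than replaces, so a `(request-target)` header supplied by the client would sit in the same map next to the synthesised one, and if the verifier reads it with `get_one` it is not certain which copy wins; computing the value once and using `replace` keeps the server-computed target authoritative: `let target = format!("{} {}", request.method().as_str().to_lowercase(), uri);` followed by `headers.replace(Header::new("(request-target)", target));`. A short comment such as `// Pseudo-header synthesised for HTTP Signature verification; never taken from the client` would make the intent clear to the next reader. `from_request` begins outside the hunk.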
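Review bot: The added `println!` in `shared_inbox` writes the entire header map to stdout on every rejected request, which puts any `Cookie`, `Authorization` or similar header a client chose to send into the process log, and it bypasses any structured logging the crate may otherwise use; the identical line is added in the `inbox` hunk of src/routes/user.rs. Logging only what diagnoses the failure — the actor and the `Signature` header — avoids that: `println!("Rejected invalid activity supposedly from {}, signature: {:?}", actor.username, headers.0.get_one("Signature"));`. The whole-map `headers.0.clone()` on the condition line then exists only to outlive the call that consumes the map; capturing `headers.0.get_one("Signature").map(str::to_owned)` before `verify_http_headers` is cheaper and removes the clone. `actor.username` comes from a remote-provided record, so the logged value should be treated as untrusted text by whatever reads these logs. `shared_inbox` starts before the hunk.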
@@ -306,8 +306,9 @@ fn inbox(name: String, conn: DbConn, data: String, headers: Headers) -> String {
             .unwrap_or_else(|| activity["actor"]["id"].as_str().expect("User: No actor ID for incoming activity, blocks by panicking"));
         let actor = User::from_url(&conn, actor_id.to_owned()).unwrap();
-        if !verify_http_headers(&actor, headers.0, data).is_secure() &&
+        if !verify_http_headers(&actor, headers.0.clone(), data).is_secure() &&
             !act.clone().verify(&actor) {
+            println!("Rejected invalid activity supposedly from {}, with headers {:?}", actor.username, headers.0);
             return "invalid signature".to_owned();
         }