diff --git a/app/Http/Controllers/FederationController.php b/app/Http/Controllers/FederationController.php
index 77665e40c..91d62bab1 100644
--- a/app/Http/Controllers/FederationController.php
+++ b/app/Http/Controllers/FederationController.php
@@ -242,9 +242,16 @@ XML;
     protected function blindKeyRotation(Request $request, Profile $profile)
     {
         $signature = $request->header('signature');
+        $date = $request->header('date');
         if(!$signature) {
             abort(400, 'Missing signature header');
         }
+        if(!$date) {
+            abort(400, 'Missing date header');
+        }
+        if(!now()->parse($date)->gt(now()->subDays(1)) || !now()->parse($date)->lt(now()->addDays(1))) {
+            abort(400, 'Invalid date');
+        }
         $signatureData = HttpSignature::parseSignatureHeader($signature);
         $keyId = Helpers::validateUrl($signatureData['keyId']);
         $actor = Profile::whereKeyId($keyId)->whereNotNull('remote_url')->firstOrFail();