diff --git a/pkg/operator/endpoints/middleware.go b/pkg/operator/endpoints/middleware.go
index cbe9664616..d61a11c8cf 100644
--- a/pkg/operator/endpoints/middleware.go
+++ b/pkg/operator/endpoints/middleware.go
@@ -67,11 +67,16 @@ func AuthMiddleware(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 authHeader := r.Header.Get("Authorization")
 
- if !strings.HasPrefix(authHeader, "CortexAWS") {
+ if authHeader == "" {
 respondError(w, r, ErrorAuthHeaderMissing())
 return
 }
 
+ if len(authHeader) < 10 || !strings.HasPrefix(authHeader, "CortexAWS") {
+ respondError(w, r, ErrorAuthHeaderMalformed())
+ return
+ }
+
 parts := strings.Split(authHeader[10:], "|")
 if len(parts) != 2 {
 respondError(w, r, ErrorAuthHeaderMalformed())
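Review bot: The new guard `len(authHeader) < 10 || !strings.HasPrefix(authHeader, "CortexAWS")` validates only the nine-character scheme name, so the byte at index 9 that `authHeader[10:]` skips is never checked, and a header with any character in that position is parsed as if it were well formed. The literal 10 is also tied to the prefix length by hand, which is easy to break if the scheme name ever changes. Folding the separator into the prefix removes both problems: `const authPrefix = "CortexAWS "` (assuming the separator is a space; confirm against the client), then `if !strings.HasPrefix(authHeader, authPrefix) {` and `parts := strings.Split(authHeader[len(authPrefix):], "|")`. The handler body continues past the end of the hunk, so how `parts` is used afterwards is not visible here.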