diff --git a/gatherling/api.php b/gatherling/api.php
index d88b02b32..27d107c2e 100644
--- a/gatherling/api.php
+++ b/gatherling/api.php
@@ -59,6 +59,7 @@
 
     case 'delplayer':
     case 'delete_player':
+        auth();
         $event = new Event($_GET['event']);
         $player = $_GET['delplayer'];
         $result = delete_player_from_event($event, $player);
diff --git a/gatherling/lib.php b/gatherling/lib.php
index adc6cecc2..c9d6e0a74 100644
--- a/gatherling/lib.php
+++ b/gatherling/lib.php
@@ -385,6 +385,7 @@ function json_headers()
     header('Cache-Control: no-cache');
     header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
     header('Access-Control-Allow-Origin: *');
+    header('HTTP_X_USERNAME: '.Player::loginName());
 }
 
 function distance_of_time_in_words($from_time, $to_time = 0, $truncate = false)