diff --git a/configuration.example.yaml b/configuration.example.yaml
index 951d151..38de444 100644
--- a/configuration.example.yaml
+++ b/configuration.example.yaml
@@ -4,7 +4,7 @@ server:
   address: 127.0.0.1
   # Port on which the webserver listens
   port: 7200
-  # If set, this token is required in the X-Poseidon-Token header for each route except /health
+  # If set, this token is required in the `Poseidon-Token` header for each route except /health
   token: SECRET
   # Configuration of TLS between the web client and Poseidon.
   tls:
diff --git a/docs/security.md b/docs/security.md
index 3f66428..d66a871 100644
--- a/docs/security.md
+++ b/docs/security.md
@@ -10,12 +10,12 @@
 
 The API supports authentication via an HTTP header. To enable it, specify the `server.token` value in the `configuration.yaml` or the corresponding environment variable `POSEIDON_SERVER_TOKEN`.
 
-Once configured, all requests to the API, except the `health` route require the configured token in the `X-Poseidon-Token` header.
+Once configured, all requests to the API, except the `health` route require the configured token in the `Poseidon-Token` header.
 
 An example `curl` command with the configured token being `SECRET` looks as follows:
 
 ```bash
-$ curl -H "X-Poseidon-Token: SECRET" http://localhost:7200/api/v1/some-protected-route
+$ curl -H "Poseidon-Token: SECRET" http://localhost:7200/api/v1/some-protected-route
 ```
 
 ### Nomad
diff --git a/internal/api/auth/auth.go b/internal/api/auth/auth.go
index 8c3da70..cf7d357 100644
--- a/internal/api/auth/auth.go
+++ b/internal/api/auth/auth.go
@@ -9,7 +9,7 @@ import (
 
 var log = logging.GetLogger("api/auth")
 
-const TokenHeader = "X-Poseidon-Token"
+const TokenHeader = "Poseidon-Token"
 
 var correctAuthenticationToken []byte