diff --git a/src/intTest/kotlin/activitypub/inbox/InboxTest.kt b/src/intTest/kotlin/activitypub/inbox/InboxTest.kt
index 92fe3aa2..4626772c 100644
--- a/src/intTest/kotlin/activitypub/inbox/InboxTest.kt
+++ b/src/intTest/kotlin/activitypub/inbox/InboxTest.kt
@@ -45,6 +45,7 @@ class InboxTest {
                 content = "{}"
                 contentType = MediaType.APPLICATION_JSON
             }
+            .asyncDispatch()
             .andExpect { status { isUnauthorized() } }
     }
 
@@ -68,6 +69,7 @@ class InboxTest {
                 content = "{}"
                 contentType = MediaType.APPLICATION_JSON
             }
+            .asyncDispatch()
             .andExpect { status { isUnauthorized() } }
     }
 
diff --git a/src/main/kotlin/dev/usbharu/hideout/activitypub/interfaces/api/inbox/InboxControllerImpl.kt b/src/main/kotlin/dev/usbharu/hideout/activitypub/interfaces/api/inbox/InboxControllerImpl.kt
index 1ad9062c..6c47a5b1 100644
--- a/src/main/kotlin/dev/usbharu/hideout/activitypub/interfaces/api/inbox/InboxControllerImpl.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/activitypub/interfaces/api/inbox/InboxControllerImpl.kt
@@ -5,6 +5,7 @@ import dev.usbharu.httpsignature.common.HttpHeaders
 import dev.usbharu.httpsignature.common.HttpMethod
 import dev.usbharu.httpsignature.common.HttpRequest
 import org.slf4j.LoggerFactory
+import org.springframework.http.HttpHeaders.WWW_AUTHENTICATE
 import org.springframework.http.HttpStatus
 import org.springframework.http.ResponseEntity
 import org.springframework.web.bind.annotation.RequestBody
@@ -21,6 +22,16 @@ class InboxControllerImpl(private val apService: APService) : InboxController {
     ): ResponseEntity<Unit> {
         val request = (requireNotNull(RequestContextHolder.getRequestAttributes()) as ServletRequestAttributes).request
 
+        val headersList = request.headerNames?.toList().orEmpty()
+        if (headersList.contains("Signature").not()) {
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+                .header(
+                    WWW_AUTHENTICATE,
+                    "Signature realm=\"Example\",headers=\"(request-target) date host digest\""
+                )
+                .build()
+        }
+
         val parseActivity = try {
             apService.parseActivity(string)
         } catch (e: Exception) {
@@ -31,7 +42,7 @@ class InboxControllerImpl(private val apService: APService) : InboxController {
         try {
             val url = request.requestURL.toString()
 
-            val headersList = request.headerNames?.toList().orEmpty()
+
             val headers =
                 headersList.associateWith { header -> request.getHeaders(header)?.toList().orEmpty() }
 
@@ -43,8 +54,6 @@ class InboxControllerImpl(private val apService: APService) : InboxController {
                 }
             }
 
-            println(headers)
-
             apService.processActivity(
                 string,
                 parseActivity,