Diffstat (limited to 'server')
-rw-r--r--server/sonar-server/src/main/java/org/sonar/server/platform/SecurityServletFilter.java4
-rw-r--r--server/sonar-web/src/main/webapp/WEB-INF/web.xml6
2 files changed, 5 insertions, 5 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/platform/SecurityServletFilter.java b/server/sonar-server/src/main/java/org/sonar/server/platform/SecurityServletFilter.java
index b929a8ce20f..cdf6c8ad178 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/platform/SecurityServletFilter.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/platform/SecurityServletFilter.java
@@ -56,8 +56,6 @@ public class SecurityServletFilter implements Filter {
return;
}
- chain.doFilter(httpRequest, httpResponse);
-
// Clickjacking protection
// See https://www.owasp.org/index.php/Clickjacking_Protection_for_Java_EE
httpResponse.addHeader("X-Frame-Options", "SAMEORIGIN");
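Review bot: The early `return;` at the top of this hunk still exits before any of the headers below are added, so whatever response that branch produces goes out without X-Frame-Options or the other headers set here. The branch's condition is above the hunk, so this is inferred from the visible lines; if that path writes an error response itself, the header block should move above it. Separately, `httpResponse.setHeader("X-Frame-Options", "SAMEORIGIN");` instead of `addHeader` would avoid a duplicate value if something earlier in the chain has already set the header, and the same applies to the X-Content-Type-Options line in the next hunk.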
@@ -69,6 +67,8 @@ public class SecurityServletFilter implements Filter {
// MIME-sniffing
// See https://www.owasp.org/index.php/List_of_useful_HTTP_headers
httpResponse.addHeader("X-Content-Type-Options", "nosniff");
+
+ chain.doFilter(httpRequest, httpResponse);
}
@Override
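Review bot: Nothing on the relocated `chain.doFilter(httpRequest, httpResponse);` call records why it has to be the last statement, even though that ordering is what makes the headers effective. I would add a comment directly above it, for example `// Must stay last: headers added after the response has been committed are silently ignored`. A unit test asserting that the headers are already present at the moment the downstream chain is invoked would keep the ordering from regressing. The method starts above the hunk, so only its tail is visible here.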
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/web.xml b/server/sonar-web/src/main/webapp/WEB-INF/web.xml
index 504ee37e03c..69ccf9ee4b2 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/web.xml
+++ b/server/sonar-web/src/main/webapp/WEB-INF/web.xml
@@ -62,15 +62,15 @@
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
- <filter-name>UserSessionFilter</filter-name>
+ <filter-name>SecurityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
- <filter-name>ServletFilters</filter-name>
+ <filter-name>UserSessionFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
- <filter-name>SecurityFilter</filter-name>
+ <filter-name>ServletFilters</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
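Review bot: The order of these `<filter-mapping>` entries is now security-relevant, but nothing in the file says so. The container applies filters in mapping order, so SecurityFilter has to stay ahead of UserSessionFilter and ServletFilters for its headers to cover the responses they produce. A comment above the SecurityFilter mapping would protect this, e.g. `<!-- Keep before UserSessionFilter and ServletFilters: sets security response headers before the chain runs -->`. The mapping that ends at the top of the hunk still runs earlier, so a response it short-circuits would presumably not carry these headers. The hunk begins and ends inside the mapping list, so the filter names outside it are not visible.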