diff --git a/Robust.Cdn/Controllers/DownloadController.cs b/Robust.Cdn/Controllers/DownloadController.cs
index 2abf4d2..d094cff 100644
--- a/Robust.Cdn/Controllers/DownloadController.cs
+++ b/Robust.Cdn/Controllers/DownloadController.cs
@@ -315,7 +315,8 @@ public async Task<IActionResult> Download(string version)
 
     // TODO: Crappy Accept-Encoding parser
     private bool AcceptsZStd => Request.Headers.AcceptEncoding.Count > 0
-                                && Request.Headers.AcceptEncoding[0].Contains("zstd");
+                                && Request.Headers.AcceptEncoding[0] is { } header
+                                && header.Contains("zstd");
 
     public sealed class NoOpActionResult : IActionResult
     {
diff --git a/Robust.Cdn/Controllers/UpdateController.cs b/Robust.Cdn/Controllers/UpdateController.cs
index f0d6a2c..55fa272 100644
--- a/Robust.Cdn/Controllers/UpdateController.cs
+++ b/Robust.Cdn/Controllers/UpdateController.cs
@@ -29,7 +29,7 @@ public async Task<IActionResult> PostControlUpdate()
         var auth = authHeader[0];
 
         // Idk does using Bearer: make sense here?
-        if (!auth.StartsWith("Bearer "))
+        if (auth == null || !auth.StartsWith("Bearer "))
             return Unauthorized("Need Bearer: auth type");
 
         var token = auth["Bearer ".Length..];