diff --git a/main.go b/main.go
index 9d91479..f1916a5 100644
--- a/main.go
+++ b/main.go
@@ -41,8 +41,8 @@ func main() {
 	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		if r.Method != http.MethodGet {
 			log.Println("Wrong METHOD from", r.RemoteAddr)
-			w.WriteHeader(http.StatusMethodNotAllowed)
 			w.Header().Set("allow", http.MethodGet)
+			w.WriteHeader(http.StatusMethodNotAllowed)
 			return
 		}
 
@@ -61,15 +61,15 @@ func main() {
 		username, password, ok := r.BasicAuth()
 		if !ok || username != validUsername || password != validPassword {
 			log.Println("Unauthorized request from", r.RemoteAddr)
-			w.WriteHeader(http.StatusUnauthorized)
 			w.Header().Set("www-authentication", "Basic realm=\"space-api\"")
+			w.WriteHeader(http.StatusUnauthorized)
 			return
 		}
 
 		if r.Method != http.MethodPut {
 			log.Println("Wrong METHOD from", r.RemoteAddr)
-			w.WriteHeader(http.StatusMethodNotAllowed)
 			w.Header().Set("allow", http.MethodPut)
+			w.WriteHeader(http.StatusMethodNotAllowed)
 			return
 		}