diff --git a/Service/CsrfRequestEvaluator.php b/Service/CsrfRequestEvaluator.php
index 9d778cb..2ce77a4 100644
--- a/Service/CsrfRequestEvaluator.php
+++ b/Service/CsrfRequestEvaluator.php
@@ -102,7 +102,9 @@ public function getHeader(Request $request, ?Response $response): void
 public function isTokenValid(Request $request, bool $throwException = true): bool
 {
- $token = $request->headers->get($this->cookieHeader);
+ $token = $request->headers->has($this->cookieHeader) ?
+ $request->headers->get($this->cookieHeader) :
+ $request->cookies->get($this->cookieHeader);
 if (empty($token)) {
 if ($throwException === false) {
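Review bot: The fallback to `$request->cookies->get($this->cookieHeader)` in `isTokenValid()` lets a request with no header at all pass the token lookup, using a value the browser attaches automatically. A CSRF header check is only meaningful because a cross-site page cannot set that header. A cookie is sent on cross-site requests too (subject to its SameSite setting, which is not visible here), so if the rest of the method, which continues outside this hunk, only checks that the token is valid, a forged request would presumably be accepted. I would keep the header as the only source, `$token = $request->headers->get($this->cookieHeader);`, and if clients that cannot set headers must be supported, read the token from a request body field rather than from the cookie. Whichever source is kept, a comment above the assignment saying why the cookie is not accepted would keep this from being reintroduced.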