diff --git a/src/Fields/Validator.php b/src/Fields/Validator.php
index f4dec57d112..175fa13854a 100644
--- a/src/Fields/Validator.php
+++ b/src/Fields/Validator.php
@@ -2,7 +2,6 @@
 
 namespace Statamic\Fields;
 
-use Illuminate\Support\Collection;
 use Illuminate\Support\Facades\Validator as LaravelValidator;
 use Statamic\Support\Arr;
 use Statamic\Support\Str;
@@ -186,12 +185,10 @@ public function filterPrecognitiveRules($rules)
     {
         $request = request();
 
-        if (! $request->headers->has('Precognition-Validate-Only')) {
+        if (! $request->isPrecognitive()) {
             return $rules;
         }
 
-        return Collection::make($rules)
-            ->only(explode(',', $request->header('Precognition-Validate-Only')))
-            ->all();
+        return $request->filterPrecognitiveRules($rules);
     }
 }
diff --git a/tests/Tags/Form/FormCreateAlpineTest.php b/tests/Tags/Form/FormCreateAlpineTest.php
index 5c7a345b39e..bb2b56c327f 100644
--- a/tests/Tags/Form/FormCreateAlpineTest.php
+++ b/tests/Tags/Form/FormCreateAlpineTest.php
@@ -3,6 +3,7 @@
 namespace Tests\Tags\Form;
 
 use PHPUnit\Framework\Attributes\Test;
+use Statamic\Facades\Form;
 use Statamic\Statamic;
 
 class FormCreateAlpineTest extends FormTestCase
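Review bot: After this hunk, a request that carries `Precognition: true` together with a narrowed `Precognition-Validate-Only` list still gets its rule set trimmed, so whether a partially validated payload can reach the form store now depends entirely on Laravel's precognition middleware short-circuiting the request before the controller runs. That middleware is not visible in this diff; if the `/!/forms/*` route is not behind it, `isPrecognitive()` is a weaker gate than it looks, and the method should document that dependency rather than leave it implicit. I would add a docblock above the signature: `/** Restrict $rules to the fields named in Precognition-Validate-Only; applies to precognitive (Precognition: true) requests only and relies on the precognition middleware to stop such requests from being persisted. */`. The signature `filterPrecognitiveRules($rules)` sits in the hunk header, so the method starts just before the lines shown.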
@@ -932,6 +933,32 @@ public function it_dynamically_renders_precognition_text_field_x_on_change()
         $this->assertFieldRendersHtml([''], $config, [], ['js' => 'alpine_precognition']);
     }
 
+    #[Test]
+    public function it_validates_precognitive_requests()
+    {
+        $this
+            ->withPrecognition()
+            ->withHeaders(['Precognition-Validate-Only' => 'email'])
+            ->postJson('/!/forms/contact', ['email' => ''])
+            ->assertStatus(422)
+            ->assertJsonValidationErrors(['email'])
+            ->assertJsonMissingValidationErrors(['message']);
+    }
+
+    #[Test]
+    public function it_wont_submit_form_when_precognition_validate_only_header_is_spoofed()
+    {
+        $this->assertEmpty(Form::find('contact')->submissions());
+
+        $this
+            ->withHeaders(['Precognition-Validate-Only' => 'foo'])
+            ->post('/!/forms/contact', [])
+            ->assertSessionHasErrors(['email'], null, 'form.contact')
+            ->assertLocation('/');
+
+        $this->assertEmpty(Form::find('contact')->submissions());
+    }
+
     private function jsonEncode($data)
     {
         return Statamic::modify($data)->toJson()->entities();
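Review bot: The spoofing test only sends `Precognition-Validate-Only` without `Precognition: true`, so it pins the case the old header-only check got wrong but not the remaining one: a client that sends both headers with a field name that matches no rule (`foo`), which after this change still narrows the rule set and relies on something upstream to stop the submission. Whether that path is closed depends on middleware not shown in this diff, so a test asserting that no submission is stored in that case would make the guarantee explicit. Also worth noting in the first test that `assertStatus(422)` comes from the precognition flow rather than a regular form error response, since the same endpoint redirects (`assertLocation('/')`) in the second test. Proposed additional test:

```php
#[Test]
public function it_wont_submit_form_when_precognitive_request_narrows_rules_to_unknown_field()
{
    $this->assertEmpty(Form::find('contact')->submissions());

    $this
        ->withPrecognition()
        ->withHeaders(['Precognition-Validate-Only' => 'foo'])
        ->post('/!/forms/contact', []);

    // Whatever the response looks like, a precognitive request must never persist a submission.
    $this->assertEmpty(Form::find('contact')->submissions());
}
```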