diff --git a/mcp-core/src/main/java/io/modelcontextprotocol/server/transport/HttpServletStatelessServerTransport.java b/mcp-core/src/main/java/io/modelcontextprotocol/server/transport/HttpServletStatelessServerTransport.java index 047aeebe8..876bb5e87 100644 --- a/mcp-core/src/main/java/io/modelcontextprotocol/server/transport/HttpServletStatelessServerTransport.java +++ b/mcp-core/src/main/java/io/modelcontextprotocol/server/transport/HttpServletStatelessServerTransport.java @@ -142,6 +142,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) return; } + String contentType = request.getContentType(); + if (contentType == null || !contentType.startsWith(APPLICATION_JSON)) { + response.sendError(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, "Content-Type must be application/json"); + return; + } + McpTransportContext transportContext = this.contextExtractor.extract(request); String accept = request.getHeader(ACCEPT); diff --git a/mcp-core/src/main/java/io/modelcontextprotocol/server/transport/HttpServletStreamableServerTransportProvider.java b/mcp-core/src/main/java/io/modelcontextprotocol/server/transport/HttpServletStreamableServerTransportProvider.java index 9a785e150..83872ae76 100644 --- a/mcp-core/src/main/java/io/modelcontextprotocol/server/transport/HttpServletStreamableServerTransportProvider.java +++ b/mcp-core/src/main/java/io/modelcontextprotocol/server/transport/HttpServletStreamableServerTransportProvider.java @@ -415,6 +415,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) return; } + String contentType = request.getContentType(); + if (contentType == null || !contentType.startsWith(APPLICATION_JSON)) { + response.sendError(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, "Content-Type must be application/json"); + return; + } + List badRequestErrors = new ArrayList<>(); String accept = request.getHeader(ACCEPT); 
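Review bot: The `contentType.startsWith(APPLICATION_JSON)` test added to doPost is both too loose and too strict for a media-type check: it accepts any value that merely begins with the constant (for example `application/jsonl` or `application/json-seq`), and because `startsWith` is case-sensitive it rejects valid spellings such as `Application/JSON`. Keeping the null check and comparing only the type/subtype token would match the error text, e.g. `String mediaType = contentType.split(";", 2)[0].trim();` followed by `if (!APPLICATION_JSON.equalsIgnoreCase(mediaType)) {` (this assumes APPLICATION_JSON is the bare `application/json` string, which is defined outside the hunk). The identical check added to doPost in HttpServletStreamableServerTransportProvider in the next hunk needs the same change, and a shared helper would keep the two copies from drifting. If the 415 is meant to reject cross-site browser posts that use a preflight-free content type, a one-line comment saying so would stop the check from being relaxed later. doPost continues outside both hunks.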
@@ -450,6 +456,17 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) McpSchema.InitializeRequest initializeRequest = jsonMapper.convertValue(jsonrpcRequest.params(), new TypeRef() { }); + + String headerVersion = request.getHeader(HttpHeaders.PROTOCOL_VERSION); + if (headerVersion != null && !headerVersion.equals(initializeRequest.protocolVersion())) { + this.responseError(response, HttpServletResponse.SC_BAD_REQUEST, McpError + .builder(McpSchema.ErrorCodes.INVALID_REQUEST) + .message("MCP-Protocol-Version header '" + headerVersion + + "' does not match body protocolVersion '" + initializeRequest.protocolVersion() + "'") + .build()); + return; + } + McpStreamableServerSession.McpStreamableServerSessionInit init = this.sessionFactory .startSession(initializeRequest); this.sessions.put(init.session().getId(), init.session());
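Review bot: The mismatch error in this initialize branch copies the client-supplied `MCP-Protocol-Version` header and the body's `protocolVersion` verbatim into the response message, so the reply echoes unvalidated request data whose length is capped only by the container's header limits. If McpError messages are also logged somewhere (not visible here), that becomes a log-injection path. A fixed message conveys the same thing without reflecting input: `.message("MCP-Protocol-Version header does not match protocolVersion in the initialize request body")`. Running the check before `sessionFactory.startSession(...)` is the right order, since a rejected request then creates no session, and a short comment stating that this is intentional would keep it from being moved. doPost starts and ends outside the hunk.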