diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 6503d6db0b5fd82c7c3c59a02ae17ad0449e241b..bf553a0531c907ad71386741e4342af6583b965d 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -2261,8 +2261,10 @@ function drupal_valid_test_ua($user_agent) {
 // The file properties add more entropy not easily accessible to others.
 $filepath = DRUPAL_ROOT . '/includes/bootstrap.inc';
 $key = $drupal_hash_salt . filectime($filepath) . fileinode($filepath);
- // The HMAC must match.
- return $hmac == drupal_hmac_base64($check_string, $key);
+ $time_diff = REQUEST_TIME - $time;
+ // Since we are making a local request a 5 second time window is allowed,
+ // and the HMAC must match.
+ return ($time_diff >= 0) && ($time_diff <= 5) && ($hmac == drupal_hmac_base64($check_string, $key));
 }
 
 /**
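Review bot: The new return line still compares the HMAC with `==`, a loose and non-constant-time string comparison, even though this value is what authenticates the request as coming from the test runner. At minimum use `$hmac === drupal_hmac_base64($check_string, $key)`, and where the supported PHP version provides it, prefer `hash_equals(drupal_hmac_base64($check_string, $key), $hmac)`. `$time` and `$check_string` are assigned above the hunk, so it cannot be confirmed from here that `$time` is numeric and included in the signed string; if it is not, the 5 second window does not bind the token. The comment could also state that a valid user agent stays replayable for the length of that window, e.g. `// A captured user agent can be replayed for up to 5 seconds.`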