diff --git a/mellon/middleware.py b/mellon/middleware.py
index 9bc5ac8..76441f9 100644
--- a/mellon/middleware.py
+++ b/mellon/middleware.py
@@ -47,8 +47,8 @@ class PassiveAuthenticationMiddleware(MiddlewareMixin):
         if request.headers.get('x-requested-with') == 'XMLHttpRequest':
             return
         # Skip AJAX and media/script requests, unless mellon_no_passive is False on the view
-        if getattr(view_func, 'mellon_no_passive', True) and 'text/html' not in request.META.get(
-            'HTTP_ACCEPT', ''
+        if getattr(view_func, 'mellon_no_passive', True) and 'text/html' not in request.headers.get(
+            'Accept', ''
         ):
             return
         # Skip views asking to be skiped
diff --git a/mellon/views.py b/mellon/views.py
index e993378..afccb69 100644
--- a/mellon/views.py
+++ b/mellon/views.py
@@ -722,7 +722,7 @@ class LogoutView(ProfileMixin, LogMixin, View):
     def sp_logout_request(self, request):
         '''Launch a logout request to the identity provider'''
         next_url = request.GET.get(REDIRECT_FIELD_NAME)
-        referer = request.META.get('HTTP_REFERER')
+        referer = request.headers.get('Referer')
         if not referer or utils.same_origin(referer, request.build_absolute_uri()):
             if hasattr(request, 'user') and request.user.is_authenticated:
                 logout = None