diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index bf40d7a9..6a11e483 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -1011,6 +1011,7 @@ function mod_user_posts_by_ip(Context $ctx, string $ip, string $encoded_cursor =
     }
 
     $args['boards'] = $boards;
+    $args['token'] = make_secure_link_token('ban');
 
     // Since the security token is only used to send requests to create notes and remove bans, use "?/IP/" as the url.
     if (empty($encoded_cursor)) {
@@ -1081,6 +1082,7 @@ function mod_user_posts_by_passwd(Context $ctx, string $passwd, string $encoded_
     }
 
     $args['boards'] = $boards;
+    $args['token'] = make_secure_link_token('ban');
 
     if (empty($encoded_cursor)) {
         $args['security_token'] = make_secure_link_token("user_posts/passwd/$passwd");