diff --git a/ql/test/experimental/CWE-807/SensitiveConditionBypass.expected b/ql/test/experimental/CWE-807/SensitiveConditionBypass.expected
new file mode 100644
index 00000000000..a9dbfa8f426
--- /dev/null
+++ b/ql/test/experimental/CWE-807/SensitiveConditionBypass.expected
@@ -0,0 +1,4 @@
+| SensitiveConditionBypassBad.go:7:5:7:39 | ...!=... | This sensitive comparision check can potentially be bypassed. |
+| condition.go:16:5:16:34 | ...!=... | This sensitive comparision check can potentially be bypassed. |
+| condition.go:25:5:25:35 | ...!=... | This sensitive comparision check can potentially be bypassed. |
+| condition.go:34:5:34:35 | ...!=... | This sensitive comparision check can potentially be bypassed. |
diff --git a/ql/test/experimental/CWE-807/SensitiveConditionBypassBad.go b/ql/test/experimental/CWE-807/SensitiveConditionBypassBad.go
new file mode 100644
index 00000000000..bf8e70f88b7
--- /dev/null
+++ b/ql/test/experimental/CWE-807/SensitiveConditionBypassBad.go
@@ -0,0 +1,10 @@
+package main
+
+import "net/http"
+
+func example(w http.ResponseWriter, r *http.Request) {
+ test2 := "test"
+ if r.Header.Get("X-Password") != test2 {
+ login()
+ }
+}
diff --git a/ql/test/experimental/CWE-807/condition.go b/ql/test/experimental/CWE-807/condition.go
index ff12dfbea0f..ecd6b0a9f2a 100644
--- a/ql/test/experimental/CWE-807/condition.go
+++ b/ql/test/experimental/CWE-807/condition.go
@@ -9,7 +9,7 @@ func use(xs ...interface{}) {}
 func t(xs ...interface{}) string { return "sadsad" }
 func login(xs ...interface{}) {}
 
-var test = "localhost"
+const test = "localhost"
 
 // Should alert as authkey is sensitive
 func ex1(w http.ResponseWriter, r *http.Request) {
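Review bot: The alert text recorded on all four expected lines spells `comparision`, which is a typo in the user-facing message rather than in this file. Since the .expected file only captures the query's output, the fix belongs in the query's select message (presumably the accompanying .ql, which is not part of this diff), after which this file needs regenerating so each line reads `This sensitive comparison check can potentially be bypassed.`.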
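Review bot: The new test case carries no comment stating what it exercises or why it should alert, unlike condition.go, whose cases are annotated with `// Should alert ...`; a one-liner above the function such as `// Should alert: the X-Password header is compared against a locally assigned string literal` would tie it to its entry in the .expected file. The file also adds only a positive case: if the directory has no negative case yet, a companion function in which the header is compared against a value that is not a literal or constant would pin the query's non-alerting behaviour and guard against false positives. Note that `login()` resolves only because condition.go, which appears to sit in the same test package, declares `login` as variadic, so a reader of this file alone cannot see why it compiles.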
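Review bot: Replacing `var test = "localhost"` with `const test = "localhost"` swaps the variable-initialised case for a constant one instead of adding to it, so the suite no longer checks whether a package-level `var` set from a string literal is still reported as a hard-coded comparison value. If the query is meant to treat both forms as equally hard-coded, keep the `var` declaration and add a distinct constant (e.g. `const testConst = "localhost"`) used by one of the ex functions, updating the .expected file accordingly; if the narrowing to constants is deliberate, a short comment on the declaration saying so would prevent a later edit from reverting it. The body of ex1 that uses this value continues outside the hunk.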