diff --git a/src/routes/postBranding.ts b/src/routes/postBranding.ts
index 267f913..5ca8cb8 100644
--- a/src/routes/postBranding.ts
+++ b/src/routes/postBranding.ts
@@ -63,13 +63,15 @@ export async function postBranding(req: Request, res: Response) {
             userAgent,
             userAgentHeader: req.headers["user-agent"],
             videoDuration,
+            videoID,
             userID,
             service,
             dearrow: {
                 title,
                 thumbnail,
                 downvote,
-            }
+            },
+            endpoint: "dearrow-postBranding",
         })) {
             Logger.warn(`Rejecting submission based on invalid data: ${hashedUserID} ${videoID} ${videoDuration} ${userAgent} ${req.headers["user-agent"]} ${title.title} ${thumbnail.timestamp}`);
             res.status(200).send("OK");
diff --git a/src/routes/postCasual.ts b/src/routes/postCasual.ts
index fae7471..b8a3cc4 100644
--- a/src/routes/postCasual.ts
+++ b/src/routes/postCasual.ts
@@ -14,6 +14,8 @@ import { QueryCacher } from "../utils/queryCacher";
 import { acquireLock } from "../utils/redisLock";
 import { checkBanStatus } from "../utils/checkBan";
 import { canSubmitDeArrow } from "../utils/permissions";
+import { isRequestInvalid } from "../utils/requestValidator";
+import { parseUserAgent } from "../utils/userAgent";
 
 interface ExistingVote {
     UUID: BrandingUUID;
@@ -22,6 +24,7 @@ interface ExistingVote {
 
 export async function postCasual(req: Request, res: Response) {
     const { videoID, userID, downvote } = req.body as CasualVoteSubmission;
+    const userAgent = req.body.userAgent ?? parseUserAgent(req.get("user-agent")) ?? "";
     let categories = req.body.categories as CasualCategory[];
     const title = (req.body.title as string)?.toLowerCase();
     const service = getService(req.body.service);
@@ -36,6 +39,19 @@ export async function postCasual(req: Request, res: Response) {
         return res.status(400).send("Bad Request");
     }
 
+    if (isRequestInvalid({
+        userID,
+        videoID,
+        userAgent,
+        userAgentHeader: req.headers["user-agent"],
+        casualCategories: categories,
+        service,
+        endpoint: "dearrow-postCasual",
+    })) {
+        Logger.warn(`Casual vote rejected by request validator: ${userAgent} ${req.headers["user-agent"]} ${categories} ${service} ${videoID}`);
+        return res.status(200).send("OK");
+    }
+
     try {
         const hashedUserID = await getHashCache(userID);
         const hashedVideoID = await getHashCache(videoID, 1);
@@ -134,4 +150,4 @@ async function handleExistingVotes(videoID: VideoID, service: Service, titleID:
         [videoID, service, titleID, hashedUserID, hashedIP, category, now]);
 
     return false;
-}
\ No newline at end of file
+}
diff --git a/src/routes/postSkipSegments.ts b/src/routes/postSkipSegments.ts
index 533f043..6047587 100644
--- a/src/routes/postSkipSegments.ts
+++ b/src/routes/postSkipSegments.ts
@@ -514,9 +514,11 @@ export async function postSkipSegments(req: Request, res: Response): Promise<Res
         userAgent,
         userAgentHeader: req.headers["user-agent"],
         videoDuration,
+        videoID,
         userID: paramUserID,
         service,
         segments,
+        endpoint: "sponsorblock-postSkipSegments"
     })) {
         Logger.warn(`Rejecting submission based on invalid data: ${userID} ${videoID} ${videoDurationParam} ${userAgent} ${req.headers["user-agent"]}`);
         return res.status(200).send("OK");
diff --git a/src/routes/setUsername.ts b/src/routes/setUsername.ts
index c7b189e..2e2232d 100644
--- a/src/routes/setUsername.ts
+++ b/src/routes/setUsername.ts
@@ -5,6 +5,7 @@ import { getHashCache } from "../utils/getHashCache";
 import { Request, Response } from "express";
 import { isUserBanned } from "../utils/checkBan";
 import { HashedUserID } from "../types/user.model";
+import { isRequestInvalid } from "../utils/requestValidator";
 
 function logUserNameChange(userID: string, newUserName: string, oldUserName: string, updatedByAdmin: boolean): Promise<Response>  {
     return privateDB.prepare("run",
@@ -15,7 +16,7 @@ function logUserNameChange(userID: string, newUserName: string, oldUserName: str
 
 export async function setUsername(req: Request, res: Response): Promise<Response> {
     const userIDInput = req.query.userID as string;
-    const adminUserIDInput = req.query.adminUserID as string;
+    const adminUserIDInput = req.query.adminUserID as string | undefined;
     let userName = req.query.username as string;
     let hashedUserID: HashedUserID;
 
@@ -29,16 +30,22 @@ export async function setUsername(req: Request, res: Response): Promise<Response
         return res.sendStatus(200);
     }
 
-    const timings = [Date.now()];
-
     // remove unicode control characters from username (example: \n, \r, \t etc.)
     // source: https://en.wikipedia.org/wiki/Control_character#In_Unicode
     // eslint-disable-next-line no-control-regex
     userName = userName.replace(/[\u0000-\u001F\u007F-\u009F]/g, "");
 
-    try {
-        timings.push(Date.now());
+    if (isRequestInvalid({
+        userAgentHeader: req.headers["user-agent"],
+        userID: adminUserIDInput ?? userIDInput,
+        newUsername: userName,
+        endpoint: "setUsername",
+    })) {
+        Logger.warn(`Username change rejected by request validator: ${userName} ${req.headers["user-agent"]}`);
+        return res.sendStatus(200);
+    }
 
+    try {
         if (adminUserIDInput != undefined) {
             //this is the admin controlling the other users account, don't hash the controling account's ID
             hashedUserID = userIDInput as HashedUserID;
@@ -55,15 +62,11 @@ export async function setUsername(req: Request, res: Response): Promise<Response
             //hash the userID
             hashedUserID = await getHashCache(userIDInput) as HashedUserID;
 
-            timings.push(Date.now());
-
             const row = await db.prepare("get", `SELECT count(*) as "userCount" FROM "userNames" WHERE "userID" = ? AND "locked" = 1`, [hashedUserID]);
             if (row.userCount > 0) {
                 return res.sendStatus(200);
             }
 
-            timings.push(Date.now());
-
             if (await isUserBanned(hashedUserID)) {
                 return res.sendStatus(200);
             }
@@ -80,8 +83,6 @@ export async function setUsername(req: Request, res: Response): Promise<Response
         const locked = adminUserIDInput === undefined ? 0 : 1;
         let oldUserName = "";
 
-        timings.push(Date.now());
-
         if (row?.userName !== undefined) {
             //already exists, update this row
             oldUserName = row.userName;
@@ -95,14 +96,9 @@ export async function setUsername(req: Request, res: Response): Promise<Response
             await db.prepare("run", `INSERT INTO "userNames"("userID", "userName", "locked") VALUES(?, ?, ?)`, [hashedUserID, userName, locked]);
         }
 
-        timings.push(Date.now());
-
         await logUserNameChange(hashedUserID, userName, oldUserName, adminUserIDInput !== undefined);
 
-        timings.push(Date.now());
-
-
-        return res.status(200).send(timings.join(", "));
+        return res.sendStatus(200);
     } catch (err) /* istanbul ignore next */ {
         Logger.error(err as string);
         return res.sendStatus(500);
diff --git a/src/types/config.model.ts b/src/types/config.model.ts
index f830c05..7295b56 100644
--- a/src/types/config.model.ts
+++ b/src/types/config.model.ts
@@ -43,24 +43,30 @@ export interface CustomPostgresReadOnlyConfig extends CustomPostgresConfig {
 
 export type ValidatorPattern = string | [string, string];
 export interface RequestValidatorRule {
-    // universal
+    // mostly universal
     userAgent?: ValidatorPattern;
     userAgentHeader?: ValidatorPattern;
     videoDuration?: ValidatorPattern;
+    videoID?: ValidatorPattern;
     userID?: ValidatorPattern;
     service?: ValidatorPattern;
-    // sb
+    endpoint?: ValidatorPattern;
+    // sb postSkipSegments
     startTime?: ValidatorPattern;
     endTime?: ValidatorPattern;
     category?: ValidatorPattern;
     actionType?: ValidatorPattern;
     description?: ValidatorPattern;
-    // dearrow
+    // dearrow postBranding
     title?: ValidatorPattern;
     titleOriginal?: boolean;
     thumbnailTimestamp?: ValidatorPattern;
     thumbnailOriginal?: boolean;
     dearrowDownvote?: boolean;
+    // postCasual
+    casualCategory?: ValidatorPattern;
+    // setUsername
+    newUsername?: ValidatorPattern;
 }
 
 export interface SBSConfig {
diff --git a/src/utils/requestValidator.ts b/src/utils/requestValidator.ts
index 786552f..9be58e3 100644
--- a/src/utils/requestValidator.ts
+++ b/src/utils/requestValidator.ts
@@ -1,5 +1,9 @@
 import { config } from "../config";
-import { ThumbnailSubmission, TitleSubmission } from "../types/branding.model";
+import {
+    CasualCategory,
+    ThumbnailSubmission,
+    TitleSubmission,
+} from "../types/branding.model";
 import { ValidatorPattern, RequestValidatorRule } from "../types/config.model";
 import { IncomingSegment } from "../types/segments.model";
 
@@ -7,6 +11,7 @@ export interface RequestValidatorInput {
     userAgent?: string;
     userAgentHeader?: string;
     videoDuration?: string | number;
+    videoID?: string;
     userID?: string;
     service?: string;
     segments?: IncomingSegment[];
@@ -15,10 +20,15 @@ export interface RequestValidatorInput {
         thumbnail?: ThumbnailSubmission;
         downvote: boolean;
     };
+    casualCategories?: CasualCategory[];
+    newUsername?: string;
+    endpoint?: string;
 }
 export type CompiledValidityCheck = (input: RequestValidatorInput) => boolean;
 type CompiledSegmentCheck = (input: IncomingSegment) => boolean;
-type InputExtractor = (input: RequestValidatorInput) => string | number | undefined | null;
+type InputExtractor = (
+    input: RequestValidatorInput,
+) => string | number | undefined | null;
 type SegmentExtractor = (input: IncomingSegment) => string | undefined | null;
 type BooleanRules = "titleOriginal" | "thumbnailOriginal" | "dearrowDownvote";
 type RuleEntry =
@@ -27,14 +37,17 @@ type RuleEntry =
 
 let compiledRules: CompiledValidityCheck;
 
+function patternToRegex(pattern: ValidatorPattern): RegExp {
+    return typeof pattern === "string"
+        ? new RegExp(pattern, "i")
+        : new RegExp(...pattern);
+}
+
 function compilePattern(
     pattern: ValidatorPattern,
     extractor: InputExtractor,
 ): CompiledValidityCheck {
-    const regex =
-        typeof pattern === "string"
-            ? new RegExp(pattern, "i")
-            : new RegExp(...pattern);
+    const regex = patternToRegex(pattern);
 
     return (input: RequestValidatorInput) => {
         const field = extractor(input);
@@ -47,10 +60,7 @@ function compileSegmentPattern(
     pattern: ValidatorPattern,
     extractor: SegmentExtractor,
 ): CompiledSegmentCheck {
-    const regex =
-        typeof pattern === "string"
-            ? new RegExp(pattern, "i")
-            : new RegExp(...pattern);
+    const regex = patternToRegex(pattern);
 
     return (input: IncomingSegment) => {
         const field = extractor(input);
@@ -93,6 +103,11 @@ export function compileRules(
                         ),
                     );
                     break;
+                case "videoID":
+                    ruleComponents.push(
+                        compilePattern(rulePattern, (input) => input.videoID),
+                    );
+                    break;
                 case "userID":
                     ruleComponents.push(
                         compilePattern(rulePattern, (input) => input.userID),
@@ -153,7 +168,8 @@ export function compileRules(
                     break;
                 case "titleOriginal":
                     ruleComponents.push(
-                        (input) => input.dearrow?.title?.original === rulePattern,
+                        (input) =>
+                            input.dearrow?.title?.original === rulePattern,
                     );
                     break;
                 case "thumbnailTimestamp":
@@ -172,10 +188,39 @@ export function compileRules(
                     break;
                 case "dearrowDownvote":
                     ruleComponents.push(
-                        (input) =>
-                            input.dearrow?.downvote === rulePattern,
+                        (input) => input.dearrow?.downvote === rulePattern,
                     );
                     break;
+                case "newUsername":
+                    ruleComponents.push(
+                        compilePattern(
+                            rulePattern,
+                            (input) => input.newUsername,
+                        ),
+                    );
+                    break;
+                case "endpoint":
+                    ruleComponents.push(
+                        compilePattern(rulePattern, (input) => input.endpoint),
+                    );
+                    break;
+                case "casualCategory": {
+                    const regex = patternToRegex(rulePattern);
+                    ruleComponents.push((input) => {
+                        if (input.casualCategories === undefined) {
+                            return false;
+                        }
+                        for (const category of input.casualCategories) {
+                            if (regex.test(category)) return true;
+                        }
+                        return false;
+                    });
+                    break;
+                }
+                default: {
+                    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+                    const _exhaustive: never = ruleKey;
+                }
             }
         }
         if (segmentRuleComponents.length > 0) {