diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9caf60653..60a4e6e85 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+11.7.0
+-----
+* Move ExtensionVerificationController from engine to app controllers, as being in the engine makes ActionController::Base get loaded before app initiates [#855](https://github.com/Shopify/shopify_app/pull/855)
+
 11.6.0
 -----
 * Enable SameSite=None; Secure by default on all cookies for embedded apps [#851](https://github.com/Shopify/shopify_app/pull/851)
diff --git a/app/controllers/shopify_app/extension_verification_controller.rb b/app/controllers/shopify_app/extension_verification_controller.rb
new file mode 100644
index 000000000..e06c61069
--- /dev/null
+++ b/app/controllers/shopify_app/extension_verification_controller.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+ class ExtensionVerificationController < ActionController::Base
+ protect_from_forgery with: :null_session
+ before_action :verify_request
+
+ private
+
+ def verify_request
+ hmac_header = request.headers['HTTP_X_SHOPIFY_HMAC_SHA256']
+ request_body = request.body.read
+ secret = ShopifyApp.configuration.secret
+ digest = OpenSSL::Digest.new('sha256')
+
+ expected_hmac = Base64.strict_encode64(OpenSSL::HMAC.digest(digest, secret, request_body))
+ head(:unauthorized) unless ActiveSupport::SecurityUtils.secure_compare(expected_hmac, hmac_header)
+ end
+ end
+end
diff --git a/lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb b/lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb
index fca3a3d03..98873b195 100644
--- a/lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb
+++ b/lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb
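Review bot: In `verify_request` (app/controllers/shopify_app/extension_verification_controller.rb), a request that arrives without the `HTTP_X_SHOPIFY_HMAC_SHA256` header leaves `hmac_header` as nil, and `ActiveSupport::SecurityUtils.secure_compare` expects two strings, so the comparison most likely raises instead of reaching `head(:unauthorized)`. The request is still rejected, but as an unhandled exception (a 500) that any unauthenticated caller can trigger, rather than a clean 401. A guard ahead of the digest work keeps the failure path explicit: `return head(:unauthorized) if hmac_header.blank?`. The body is carried over unchanged from the deleted top-level controller, so this is pre-existing behaviour that could be fixed while the class moves.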
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-class MarketingActivitiesController < ExtensionVerificationController
+class MarketingActivitiesController < ShopifyApp::ExtensionVerificationController
 def preload_form_data
 preload_data = {
 "form_data": {
diff --git a/lib/shopify_app.rb b/lib/shopify_app.rb
index b3b58a664..9de1736e3 100644
--- a/lib/shopify_app.rb
+++ b/lib/shopify_app.rb
@@ -24,9 +24,6 @@ def self.use_webpacker?
 # utils
 require 'shopify_app/utils'
- # controllers
- require 'shopify_app/controllers/extension_verification_controller'
-
 # controller concerns
 require 'shopify_app/controller_concerns/localization'
 require 'shopify_app/controller_concerns/itp'
diff --git a/lib/shopify_app/controllers/extension_verification_controller.rb b/lib/shopify_app/controllers/extension_verification_controller.rb
deleted file mode 100644
index 25836ed4b..000000000
--- a/lib/shopify_app/controllers/extension_verification_controller.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-class ExtensionVerificationController < ActionController::Base
- protect_from_forgery with: :null_session
- before_action :verify_request
-
- private
-
- def verify_request
- hmac_header = request.headers['HTTP_X_SHOPIFY_HMAC_SHA256']
- request_body = request.body.read
- secret = ShopifyApp.configuration.secret
- digest = OpenSSL::Digest.new('sha256')
-
- expected_hmac = Base64.strict_encode64(OpenSSL::HMAC.digest(digest, secret, request_body))
- head(:unauthorized) unless ActiveSupport::SecurityUtils.secure_compare(expected_hmac, hmac_header)
- end
-end
diff --git a/lib/shopify_app/version.rb b/lib/shopify_app/version.rb
index 2b23f689e..dfd9cc19c 100644
--- a/lib/shopify_app/version.rb
+++ b/lib/shopify_app/version.rb
@@ -1,3 +1,3 @@
 module ShopifyApp
- VERSION = '11.6.0'.freeze
+ VERSION = '11.7.0'.freeze
 end
diff --git a/test/shopify_app/controllers/extension_verification_controller_test.rb b/test/controllers/extension_verification_controller_test.rb
similarity index 94%
rename from test/shopify_app/controllers/extension_verification_controller_test.rb
rename to test/controllers/extension_verification_controller_test.rb
index b315f0c9f..c31403b34 100644
--- a/test/shopify_app/controllers/extension_verification_controller_test.rb
+++ b/test/controllers/extension_verification_controller_test.rb
@@ -1,6 +1,6 @@
 require 'test_helper'
-class ExtensionController < ExtensionVerificationController
+class ExtensionController < ShopifyApp::ExtensionVerificationController
 def extension_action
 head :ok
 end
diff --git a/test/generators/add_marketing_activity_extension_generator_test.rb b/test/generators/add_marketing_activity_extension_generator_test.rb
index ed87c0b8e..af59441ac 100644
--- a/test/generators/add_marketing_activity_extension_generator_test.rb
+++ b/test/generators/add_marketing_activity_extension_generator_test.rb
@@ -11,7 +11,7 @@ class AddMarketingActivityExtensionGeneratorTest < Rails::Generators::TestCase
 run_generator
 assert_file "app/controllers/marketing_activities_controller.rb" do |controller|
- assert_match 'class MarketingActivitiesController < ExtensionVerificationController', controller
+ assert_match 'class MarketingActivitiesController < ShopifyApp::ExtensionVerificationController', controller
 end
 end