diff --git a/src/Keycloak.AuthServices.Authorization/AuthorizationServer/KeycloakAuthorizationServerOptions.cs b/src/Keycloak.AuthServices.Authorization/AuthorizationServer/KeycloakAuthorizationServerOptions.cs
index 2b8cf513..39c5181d 100644
--- a/src/Keycloak.AuthServices.Authorization/AuthorizationServer/KeycloakAuthorizationServerOptions.cs
+++ b/src/Keycloak.AuthServices.Authorization/AuthorizationServer/KeycloakAuthorizationServerOptions.cs
@@ -17,6 +17,11 @@ public sealed class KeycloakAuthorizationServerOptions : KeycloakInstallationOpt
     /// </summary>
     public string SourceAuthenticationScheme { get; set; } = "Bearer";
 
+    /// <summary>
+    /// Controls if <see cref="AccessTokenPropagationHandler"/> is added to the <see cref="IAuthorizationServerClient"/>
+    /// </summary>
+    public static bool DisableHeaderPropagation { get; set; }
+
     /// <summary>
     /// Gets or sets a value indicating whether to use the protected resource policy provider.
     /// </summary>
diff --git a/src/Keycloak.AuthServices.Authorization/ProtectedResourcePolicyProvider.cs b/src/Keycloak.AuthServices.Authorization/ProtectedResourcePolicyProvider.cs
index 683c34c2..91f67a61 100644
--- a/src/Keycloak.AuthServices.Authorization/ProtectedResourcePolicyProvider.cs
+++ b/src/Keycloak.AuthServices.Authorization/ProtectedResourcePolicyProvider.cs
@@ -23,7 +23,7 @@ public ProtectedResourcePolicyProvider(IOptions<AuthorizationOptions> options)
             return registeredPolicy;
         }
 
-        // TODO: policy should be cached and managed properly, not production ready
+        // Policy should be cached and managed properly, probably not production ready
         // https://0xnf.github.io/posts/oauthserver/15/#dynamically-handling-policies
         var builder = new AuthorizationPolicyBuilder();
         var tokens = policyName.Split('#');
diff --git a/src/Keycloak.AuthServices.Authorization/ServiceCollectionExtensions.cs b/src/Keycloak.AuthServices.Authorization/ServiceCollectionExtensions.cs
index d8fdbe0f..ddbe3870 100644
--- a/src/Keycloak.AuthServices.Authorization/ServiceCollectionExtensions.cs
+++ b/src/Keycloak.AuthServices.Authorization/ServiceCollectionExtensions.cs
@@ -145,7 +145,14 @@ public static IHttpClientBuilder AddAuthorizationServer(
             services.AddSingleton<IAuthorizationPolicyProvider, ProtectedResourcePolicyProvider>();
         }
 
-        return services.AddAuthorizationServerClient(configureClient).AddHeaderPropagation();
+        var builder = services.AddAuthorizationServerClient(configureClient);
+
+        if (!KeycloakAuthorizationServerOptions.DisableHeaderPropagation)
+        {
+            builder.AddHeaderPropagation();
+        }
+
+        return builder;
     }
 
     /// <summary>