diff --git a/src/commands/proxy.js b/src/commands/proxy.js
index a9f7eb9..72f16c6 100644
--- a/src/commands/proxy.js
+++ b/src/commands/proxy.js
@@ -332,6 +332,7 @@ function runAuthorizer (
   // https://docs.aws.amazon.com/apigateway/latest/developerguide/use-custom-authorizer.html
   // @TODO: correctly handle 401, 403, 500 response as described in the documentation
 
+  debug('Authorizer event', event);
   const token = event.params.header.token;
   log(`   🔒 Invoking authorizer, token = ${util.inspect(token)}`.yellow.dim);
 
diff --git a/src/factories/__snapshots__/primaryTemplate.spec.js.snap b/src/factories/__snapshots__/primaryTemplate.spec.js.snap
index 3190a6f..6509053 100644
--- a/src/factories/__snapshots__/primaryTemplate.spec.js.snap
+++ b/src/factories/__snapshots__/primaryTemplate.spec.js.snap
@@ -276,7 +276,8 @@ module.exports[`primary template builder`] = {
                   "origin",
                   "referer",
                   "access-control-request-headers",
-                  "access-control-request-method"
+                  "access-control-request-method",
+                  "token"
                 ]
               },
               "ViewerProtocolPolicy": "allow-all",
@@ -674,7 +675,8 @@ module.exports[`primary template builder`] = {
                     `origin`,
                     `referer`,
                     `access-control-request-headers`,
-                    `access-control-request-method`
+                    `access-control-request-method`,
+                    `token`
                   ]
                 },
                 ViewerProtocolPolicy: `allow-all`,
diff --git a/src/factories/cf_cloudfront.js b/src/factories/cf_cloudfront.js
index 383c794..2d376d1 100644
--- a/src/factories/cf_cloudfront.js
+++ b/src/factories/cf_cloudfront.js
@@ -10,7 +10,8 @@ export const WHITELISTED_HEADERS = [
   'origin',
   'referer',
   'access-control-request-headers',
-  'access-control-request-method'
+  'access-control-request-method',
+  'token'
 ];
 
 // WebACL
diff --git a/src/factories/cf_cloudfront.spec.js b/src/factories/cf_cloudfront.spec.js
index 06a13bc..bd9dfd5 100644
--- a/src/factories/cf_cloudfront.spec.js
+++ b/src/factories/cf_cloudfront.spec.js
@@ -44,7 +44,8 @@ test('templateCloudfrontDistribution without WebACL', t => {
                 'origin',
                 'referer',
                 'access-control-request-headers',
-                'access-control-request-method'
+                'access-control-request-method',
+                'token'
               ],
               QueryString: 'true'
             },
@@ -155,7 +156,8 @@ test('templateCloudfrontDistribution without aliases', t => {
                 'origin',
                 'referer',
                 'access-control-request-headers',
-                'access-control-request-method'
+                'access-control-request-method',
+                'token'
               ],
               QueryString: 'true'
             },
@@ -248,7 +250,8 @@ test('templateCloudfrontDistribution with root origin set to assets', t => {
                   'origin',
                   'referer',
                   'access-control-request-headers',
-                  'access-control-request-method'
+                  'access-control-request-method',
+                  'token'
                 ],
                 QueryString: 'true'
               },
@@ -379,7 +382,8 @@ test('templateCloudfrontDistribution with WebACL', t => {
                 'origin',
                 'referer',
                 'access-control-request-headers',
-                'access-control-request-method'
+                'access-control-request-method',
+                'token'
               ],
               QueryString: 'true'
             },