diff --git a/gateway/application.yaml b/gateway/application.yaml
index 2614fec..a87bce1 100644
--- a/gateway/application.yaml
+++ b/gateway/application.yaml
@@ -22,6 +22,7 @@ spring:
 # AddSecHeaders appends sec-* headers to proxied requests based on the currently authenticated user
 - AddSecHeaders
 - PreserveHostHeader
+ - LoginParamRedirect #redirects all request with a ?login query param to /login
 filter:
 secure-headers:
- referrer-policy: strict-origin
\ No newline at end of file
+ referrer-policy: strict-origin
diff --git a/gateway/security.yaml b/gateway/security.yaml
index bcced76..e2eb6bd 100644
--- a/gateway/security.yaml
+++ b/gateway/security.yaml
@@ -1,6 +1,14 @@
 georchestra:
 gateway:
 security:
+ header-authentication:
+ # If enabled, pre-authentication is enabled and can be performed by passing
+ # true to the sec-georchestra-preauthenticated request header, and user details
+ # through the following request headers: preauth-username, preauth-firstname,
+ # preauth-lastname, preauth-org, preauth-email, preauth-roles.
+ # In such case, it is crucial for the reverse proxy in front of the gateway to
+ # sanitize the mentioned request headers to prevent external impersonation.
+ enabled: false
 createNonExistingUsersInLDAP: true
 enableRabbitmqEvents: true
 oauth2:
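Review bot: The inline comment on the added `- LoginParamRedirect` entry in gateway/application.yaml says where the request is sent but not what happens to the original path and the rest of the query string, which is the part that matters for security. If the filter carries the original URL forward as a post-login return target, that target has to be limited to same-origin relative paths; the filter's implementation is not in this diff, so this is to be confirmed there. I would move the comment above the entry, in the style of the AddSecHeaders one, as `# LoginParamRedirect redirects any request carrying a ?login query parameter to /login`, and add one line stating how the original target is handled. The filter list itself starts outside the hunk.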
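Review bot: The warning in the new `header-authentication` comment in gateway/security.yaml relies entirely on the reverse proxy, but nothing in the block says the gateway must be unreachable except through that proxy; a client that can reach the gateway directly can set `sec-georchestra-preauthenticated` and the `preauth-*` headers itself. The comment should also name `sec-georchestra-preauthenticated` explicitly among the headers the proxy has to strip from incoming requests, since "the mentioned request headers" reads as the preauth-* list only. I would add `# The gateway must only accept connections from that proxy; strip sec-georchestra-preauthenticated and all preauth-* headers from client requests.` Since `createNonExistingUsersInLDAP: true` sits right below, it is worth confirming whether a pre-authenticated identity (including `preauth-roles`) gets persisted to LDAP, because that would make a spoofed header outlive the request. Keeping `enabled: false` as the default is right.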