diff --git a/src/opnsense/mvc/app/models/OPNsense/Firewall/Alias.php b/src/opnsense/mvc/app/models/OPNsense/Firewall/Alias.php
index 4a1a68a1217..311b7316a9e 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Firewall/Alias.php
+++ b/src/opnsense/mvc/app/models/OPNsense/Firewall/Alias.php
@@ -78,6 +78,19 @@ public function performValidation($validateFullModel = false)
 $messages->appendMessage(new Message(gettext('Illegal characters in token'), $ref . '.authtype'));
 }
 break;
+ case 'Header':
+ if (empty($username) || empty($password)) {
+ $messages->appendMessage(new Message(gettext('Please provide a header key and value when Header auth is selected'), $ref . '.authtype'));
+ } elseif (strlen($username) > 255) {
+ $messages->appendMessage(new Message(gettext('Invalid key length'), $ref . '.authtype'));
+ } elseif (strlen($password) > 512) {
+ $messages->appendMessage(new Message(gettext('Invalid value length'), $ref . '.authtype'));
+ } elseif (!preg_match('/^[A-Za-z0-9-_.]+$/', $username)) {
+ $messages->appendMessage(new Message(gettext('Illegal characters in key'), $ref . '.authtype'));
+ } elseif (!preg_match('/^[A-Za-z0-9-_.]+$/', $password)) {
+ $messages->appendMessage(new Message(gettext('Illegal characters in value'), $ref . '.authtype'));
+ }
+ break;
 }
 }
diff --git a/src/opnsense/mvc/app/models/OPNsense/Firewall/Alias.xml b/src/opnsense/mvc/app/models/OPNsense/Firewall/Alias.xml
index 1a89b044744..4a4ee685b32 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Firewall/Alias.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Firewall/Alias.xml
@@ -75,6 +75,7 @@ Basic Bearer +
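Review bot: In the `case 'Header':` branch added to Alias.php, both `preg_match` patterns end in `$`, which in PCRE also matches just before a trailing newline, so a key or value ending in a line feed passes a check that is meant to keep control characters out of an HTTP header. Anchor with `\z` (or add the `D` modifier) and escape the hyphen so the class reads unambiguously: `preg_match('/^[A-Za-z0-9\-_.]+\z/', $username)`, and the same for `$password`. `empty($password)` also treats the string `'0'` as missing and reports the "please provide" message for it; whether that matters depends on how `$username` and `$password` are assigned above the hunk. performValidation starts and ends outside this hunk.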
Header
diff --git a/src/opnsense/mvc/app/views/OPNsense/Firewall/alias.volt b/src/opnsense/mvc/app/views/OPNsense/Firewall/alias.volt
index c746430d78a..c0b334db3e7 100644
--- a/src/opnsense/mvc/app/views/OPNsense/Firewall/alias.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/Firewall/alias.volt
@@ -378,6 +378,10 @@
 case 'Bearer':
 $("#alias\\.password").show().attr('placeholder', '{{lang._('API token')}}');
 break;
+ case 'Header':
+ $("#alias\\.username").show().attr('placeholder', '{{lang._('HTTP Header')}}');
+ $("#alias\\.password").show().attr('placeholder', '{{lang._('API token')}}');
+ break;
 }
 });
 $("#alias\\.authtype").change();
diff --git a/src/opnsense/scripts/filter/lib/alias/uri.py b/src/opnsense/scripts/filter/lib/alias/uri.py
index bd385ba89a6..c44667e556b 100755
--- a/src/opnsense/scripts/filter/lib/alias/uri.py
+++ b/src/opnsense/scripts/filter/lib/alias/uri.py
@@ -71,6 +71,8 @@ def iter_addresses(self, url):
 req_opts['auth'] = requests.auth.HTTPBasicAuth(self._username, self._password)
 elif self._authtype == 'Bearer':
 req_opts['headers']['Authorization'] = f'Bearer {self._password}'
+ elif self._authtype == 'Header' and self._username is not None:
+ req_opts['headers'][self._username] = self._password
 # fetch data
 try:
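Review bot: The placeholders in the new `case 'Header':` branch of alias.volt do not match the validation wording in Alias.php, which calls the two fields a header key and value; `'API token'` on `#alias\\.password` is copied from the Bearer case although any header value can be entered there. Consider `'{{lang._('Header name')}}'` and `'{{lang._('Header value')}}'` so the operator can tell which field carries the secret. The enclosing change handler starts outside the hunk.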
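Review bot: The new `elif` in uri.py guards only `self._username is not None`, so an empty header name or a missing `self._password` still reaches the assignment even though the model validation requires both; a configuration that did not pass through that validation would produce a malformed or silently unauthenticated request. Test both values, e.g. `elif self._authtype == 'Header' and self._username and self._password:`. Separately, requests drops only `Authorization` when a redirect leads to a different host, so a secret carried in a custom header would be forwarded to the redirect target if the fetch after `# fetch data` follows redirects; that call is outside the hunk, so this should be confirmed and, if it applies, noted in a comment next to the assignment. iter_addresses continues outside the hunk.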