diff --git a/modules/account/src/main/scala/de/nowchess/account/client/CoreGameClient.scala b/modules/account/src/main/scala/de/nowchess/account/client/CoreGameClient.scala
index 648b83b..e75a5bd 100644
--- a/modules/account/src/main/scala/de/nowchess/account/client/CoreGameClient.scala
+++ b/modules/account/src/main/scala/de/nowchess/account/client/CoreGameClient.scala
@@ -1,9 +1,9 @@
 package de.nowchess.account.client
 
-import de.nowchess.security.InternalSecretClientFilter
+import de.nowchess.security.{InternalClientHeadersFactory, InternalSecretClientFilter}
 import jakarta.ws.rs.*
 import jakarta.ws.rs.core.MediaType
-import org.eclipse.microprofile.rest.client.annotation.RegisterProvider
+import org.eclipse.microprofile.rest.client.annotation.{RegisterClientHeaders, RegisterProvider}
 import org.eclipse.microprofile.rest.client.inject.RegisterRestClient
 
 case class CorePlayerInfo(id: String, displayName: String)
@@ -19,6 +19,7 @@ case class CoreGameResponse(gameId: String)
 @Path("/api/board/game")
 @RegisterRestClient(configKey = "core-service")
 @RegisterProvider(classOf[InternalSecretClientFilter])
+@RegisterClientHeaders(classOf[InternalClientHeadersFactory])
 trait CoreGameClient:
 
   @POST
diff --git a/modules/security/src/main/scala/de/nowchess/security/InternalClientHeadersFactory.scala b/modules/security/src/main/scala/de/nowchess/security/InternalClientHeadersFactory.scala
new file mode 100644
index 0000000..531c081
--- /dev/null
+++ b/modules/security/src/main/scala/de/nowchess/security/InternalClientHeadersFactory.scala
@@ -0,0 +1,27 @@
+package de.nowchess.security
+
+import jakarta.enterprise.context.ApplicationScoped
+import jakarta.ws.rs.core.MultivaluedMap
+import org.eclipse.microprofile.config.inject.ConfigProperty
+import org.eclipse.microprofile.rest.client.ext.DefaultClientHeadersFactoryImpl
+
+import scala.compiletime.uninitialized
+
+@ApplicationScoped
+class InternalClientHeadersFactory extends DefaultClientHeadersFactoryImpl {
+
+  @ConfigProperty(name = "nowchess.internal.secret", defaultValue = "")
+  // scalafix:off DisableSyntax.var
+  var secret: String = uninitialized
+
+  @ConfigProperty(name = "nowchess.internal.auth.enabled", defaultValue = "true")
+  var authEnabled: Boolean = uninitialized
+  // scalafix:on DisableSyntax.var
+
+  override def update(incomingHeaders: MultivaluedMap[String, String], clientOutgoingHeaders: MultivaluedMap[String, String]): MultivaluedMap[String, String] = {
+    val default = super.update(incomingHeaders, clientOutgoingHeaders)
+    default.putSingle("X-Internal-Secret", secret)
+    default
+  }
+
+}