diff --git a/gateway/types/readconfig.go b/gateway/types/readconfig.go
index 981efb14..68873447 100644
--- a/gateway/types/readconfig.go
+++ b/gateway/types/readconfig.go
@@ -137,6 +137,9 @@ func (ReadConfig) Read(hasEnv HasEnv) GatewayConfig {
 		}
 	}
 
+	cfg.AuthProxyURL = hasEnv.Getenv("auth_proxy_url")
+	cfg.AuthProxyPassBody = parseBoolValue(hasEnv.Getenv("auth_proxy_pass_body"))
+
 	return cfg
 }
 
@@ -182,9 +185,17 @@ type GatewayConfig struct {
 	// Enable the gateway to scale any service from 0 replicas to its configured "min replicas"
 	ScaleFromZero bool
 
+	// MaxIdleConns with a default value of 1024, can be used for tuning HTTP proxy performance
 	MaxIdleConns int
 
+	// MaxIdleConnsPerHost with a default value of 1024, can be used for tuning HTTP proxy performance
 	MaxIdleConnsPerHost int
+
+	// AuthProxyURL specifies URL for an authenticating proxy, disabled when blank, enabled when valid URL i.e. http://basic-auth.openfaas:8080/validate
+	AuthProxyURL string
+
+	// AuthProxyPassBody pass body to validation proxy
+	AuthProxyPassBody bool
 }
 
 // UseNATS Use NATSor not
diff --git a/gateway/types/readconfig_test.go b/gateway/types/readconfig_test.go
index d4b5fefc..4a8ccdea 100644
--- a/gateway/types/readconfig_test.go
+++ b/gateway/types/readconfig_test.go
@@ -299,3 +299,45 @@ func TestRead_MaxIdleConns_Override(t *testing.T) {
 		t.Fail()
 	}
 }
+
+func TestRead_AuthProxy_Defaults(t *testing.T) {
+	defaults := NewEnvBucket()
+
+	readConfig := ReadConfig{}
+	wantURL := ""
+	wantBody := false
+
+	config := readConfig.Read(defaults)
+
+	if config.AuthProxyPassBody != wantBody {
+		t.Logf("config.AuthProxyPassBody, want: %t, got: %t\n", wantBody, config.AuthProxyPassBody)
+		t.Fail()
+	}
+
+	if config.AuthProxyURL != wantURL {
+		t.Logf("config.AuthProxyURL, want: %s, got: %s\n", wantURL, config.AuthProxyURL)
+		t.Fail()
+	}
+}
+
+func TestRead_AuthProxy_DefaultsOverrides(t *testing.T) {
+	defaults := NewEnvBucket()
+
+	readConfig := ReadConfig{}
+	wantURL := "http://auth.openfaas:8080/validate"
+	wantBody := true
+	defaults.Setenv("auth_proxy_url", wantURL)
+	defaults.Setenv("auth_proxy_pass_body", fmt.Sprintf("%t", wantBody))
+
+	config := readConfig.Read(defaults)
+
+	if config.AuthProxyPassBody != wantBody {
+		t.Logf("config.AuthProxyPassBody, want: %t, got: %t\n", wantBody, config.AuthProxyPassBody)
+		t.Fail()
+	}
+
+	if config.AuthProxyURL != wantURL {
+		t.Logf("config.AuthProxyURL, want: %s, got: %s\n", wantURL, config.AuthProxyURL)
+		t.Fail()
+	}
+}