diff --git a/integration/envoy.yml b/integration/envoy.yml
index 01725e8..03dc841 100644
--- a/integration/envoy.yml
+++ b/integration/envoy.yml
@@ -40,7 +40,7 @@ static_resources:
                       "@type": "type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz"
                       transport_api_version: "v3"
                       http_service:
-                        path_prefix: "/api/auth/envoy"
+                        path_prefix: "/api/auth/envoy?path="
                         server_uri:
                           uri: "tinyauth:3000"
                           cluster: "tinyauth"
@@ -51,10 +51,13 @@ static_resources:
                               - exact: "authorization"
                               - exact: "accept"
                               - exact: "cookie"
-                              - exact: "location"
                           headers_to_add:
-                            - key: "X-Forwarded-Proto"
+                            - key: "x-forwarded-proto"
                               value: "%REQ(:SCHEME)%"
+                            - key: "x-forwarded-host"
+                              value: "%REQ(:AUTHORITY)%"
+                            - key: "x-forwarded-uri"
+                              value: "%REQ(:PATH)%"
                         authorization_response:
                           allowed_upstream_headers:
                             patterns:
@@ -62,9 +65,11 @@ static_resources:
                           allowed_client_headers:
                             patterns:
                               - exact: "set-cookie"
+                              - exact: "location"
                           allowed_client_headers_on_success:
                             patterns:
                               - exact: "set-cookie"
+                              - exact: "location"
                       failure_mode_allow: false
                   - name: "envoy.filters.http.router"
                     typed_config:
@@ -98,14 +103,3 @@ static_resources:
                     socket_address:
                       address: "tinyauth"
                       port_value: 3000
-layered_runtime:
-  layers:
-    - name: "static_layer_0"
-      static_layer:
-        envoy:
-          resource_limits:
-            listener:
-              example_listener_name:
-                connection_limit: 10000
-        overload:
-          global_downstream_max_connections: 50000
diff --git a/integration/integration.go b/integration/integration.go
index 9d3724e..72d4419 100644
--- a/integration/integration.go
+++ b/integration/integration.go
@@ -13,7 +13,7 @@ import (
 	"time"
 )
 
-var ProxiesToTest = []string{"traefik", "nginx"}
+var ProxiesToTest = []string{"traefik", "nginx", "envoy"}
 
 const (
 	EnvFile    = ".env"
diff --git a/integration/nginx.conf b/integration/nginx.conf
index a9fd268..91964ec 100644
--- a/integration/nginx.conf
+++ b/integration/nginx.conf
@@ -25,6 +25,9 @@ server {
         internal;
         proxy_pass http://tinyauth:3000/api/auth/nginx;
         proxy_set_header x-original-url $scheme://$http_host$request_uri;
+        proxy_set_header x-forwarded-proto $scheme;
+        proxy_set_header x-forwarded-host $host;
+        proxy_set_header x-forwarded-uri $request_uri;
     }
 
     location @tinyauth_login {