diff --git a/test/unit/s3gateway_test.js b/test/unit/s3gateway_test.js
index 20ffe63b..45c0e44e 100755
--- a/test/unit/s3gateway_test.js
+++ b/test/unit/s3gateway_test.js
@@ -150,6 +150,45 @@ function testEditHeaders() {
     }
 }
 
+function testEditHeadersWithAllowedPrefixes() {
+    printHeader('testEditHeadersWithAllowedPrefixes');
+
+    process.env['HEADER_PREFIXES_ALLOWED'] = 'x-amz-'
+    const r = {
+        "headersOut": {
+            "Accept-Ranges": "bytes",
+            "Content-Length": 42,
+            "Content-Security-Policy": "block-all-mixed-content",
+            "Content-Type": "text/plain",
+            "X-Amz-Bucket-Region": "us-east-1",
+            "X-Amz-Request-Id": "166539E18A46500A",
+            "X-Xss-Protection": "1; mode=block"
+        },
+        "variables": {
+            "uri_path": "/a/c/ramen.jpg"
+        },
+    }
+
+    r.log = function(msg) {
+        console.log(msg);
+    }
+
+    s3gateway.editHeaders(r);
+    
+    let found_headers_x_amz_ = 0
+    for (const key in r.headersOut) {
+        if (key.toLowerCase().indexOf("x-amz", 0) == 0) {
+            found_headers_x_amz_++;
+        }
+    }
+
+    if (found_headers_x_amz_ != 2)
+        throw "x-amz header stripped from headers, should allow those 2 headers";
+
+    delete process.env['HEADER_PREFIXES_ALLOWED']
+        
+}
+
 
 function testEditHeadersHeadDirectory() {
     printHeader('testEditHeadersHeadDirectory');