diff --git a/authentik/providers/proxy/controllers/k8s/traefik.py b/authentik/providers/proxy/controllers/k8s/traefik.py
index 623c343a8..0e87eb2be 100644
--- a/authentik/providers/proxy/controllers/k8s/traefik.py
+++ b/authentik/providers/proxy/controllers/k8s/traefik.py
@@ -20,7 +20,7 @@ class TraefikMiddlewareSpecForwardAuth:
 address: str
 # pylint: disable=invalid-name
- authResponseHeaders: list[str]
+ authResponseHeadersRegex: str
 # pylint: disable=invalid-name
 trustForwardHeader: bool
@@ -108,21 +108,7 @@ class TraefikMiddlewareReconciler(KubernetesObjectReconciler[TraefikMiddleware])
 spec=TraefikMiddlewareSpec(
 forwardAuth=TraefikMiddlewareSpecForwardAuth(
 address=f"http://{self.name}.{self.namespace}:9000/akprox/auth/traefik",
- authResponseHeaders=[
- "Set-Cookie",
- # Legacy headers, remove after 2022.1
- "X-Auth-Username",
- "X-Auth-Groups",
- "X-Forwarded-Email",
- "X-Forwarded-Preferred-Username",
- "X-Forwarded-User",
- # New headers, unique prefix
- "X-authentik-username",
- "X-authentik-groups",
- "X-authentik-email",
- "X-authentik-name",
- "X-authentik-uid",
- ],
+ authResponseHeadersRegex="^.*$",
 trustForwardHeader=True,
 )
 ),
diff --git a/website/docs/providers/proxy/_traefik_compose.md b/website/docs/providers/proxy/_traefik_compose.md
index 25564f07a..bd88ffac3 100644
--- a/website/docs/providers/proxy/_traefik_compose.md
+++ b/website/docs/providers/proxy/_traefik_compose.md
@@ -50,7 +50,7 @@ services:
 traefik.http.routers.authentik.tls: true
 traefik.http.middlewares.authentik.forwardauth.address: http://outpost.company:9000/akprox/auth/traefik
 traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: true
- traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
+ traefik.http.middlewares.authentik.forwardauth.authResponseHeadersRegex: ^.*$
 restart: unless-stopped
 whoami:
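Review bot: The new `authResponseHeadersRegex: str` field in `TraefikMiddlewareSpecForwardAuth` has no comment saying what the pattern is matched against or why it replaced the header list; a line such as `# Regex matched against auth-response header names that are copied to the upstream request` above it would help. The field replaces `authResponseHeaders` rather than sitting beside it, so Middleware objects written by the previous version will not carry it. How the reconciler loads and compares existing objects is outside this hunk and should be checked for that case. The class header and any decorator are also outside the hunk.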
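Review bot: `authResponseHeadersRegex="^.*$"` swaps an explicit allowlist for a match-everything pattern, so every header the outpost returns from `/akprox/auth/traefik` is copied onto the request sent to the upstream application, not only `Set-Cookie` and the identity headers. As far as I recall, Traefik documents this option as first stripping request headers that match the pattern, so a match-all value may also drop the client's own headers; this should be confirmed against the Traefik versions supported. A narrower value such as `authResponseHeadersRegex="(?i)^(set-cookie|x-authentik-.*)$"` (extended with the legacy names while they are still emitted) would keep the least-privilege boundary; if the wildcard is deliberate so that user-defined headers pass through, a comment next to the value should say so. The same `^.*$` value is introduced in the documentation hunks for `_traefik_compose.md`, `_traefik_ingress.md` and `_traefik_standalone.md`. The enclosing method starts and ends outside the hunk.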
diff --git a/website/docs/providers/proxy/_traefik_ingress.md b/website/docs/providers/proxy/_traefik_ingress.md
index dd0c2236f..da8ccbf76 100644
--- a/website/docs/providers/proxy/_traefik_ingress.md
+++ b/website/docs/providers/proxy/_traefik_ingress.md
@@ -9,13 +9,7 @@ spec:
 forwardAuth:
 address: http://outpost.company:9000/akprox/auth/traefik
 trustForwardHeader: true
- authResponseHeaders:
- - Set-Cookie
- - X-authentik-username
- - X-authentik-groups
- - X-authentik-email
- - X-authentik-name
- - X-authentik-uid
+ authResponseHeadersRegex: ^.*$
 ```
 Add the following settings to your IngressRoute
diff --git a/website/docs/providers/proxy/_traefik_standalone.md b/website/docs/providers/proxy/_traefik_standalone.md
index c23157c29..1f0f555eb 100644
--- a/website/docs/providers/proxy/_traefik_standalone.md
+++ b/website/docs/providers/proxy/_traefik_standalone.md
@@ -5,13 +5,7 @@ http:
 forwardAuth:
 address: http://outpost.company:9000/akprox/auth/traefik
 trustForwardHeader: true
- authResponseHeaders:
- - Set-Cookie
- - X-authentik-username
- - X-authentik-groups
- - X-authentik-email
- - X-authentik-name
- - X-authentik-uid
+ authResponseHeadersRegex: ^.*$
 routers:
 default-router:
 rule: "Host(`app.company`)"