diff --git a/internal/config/config.go b/internal/config/config.go
index 8f9a41a4d..9459a8956 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -871,6 +871,7 @@ func processOtlpReceivers(tlsConfig *OtlpTLSConfig) error {
 func resolveExtensions() Extensions {
 	var health *Health
 	var headersSetter *HeadersSetter
+	var tokenValue string
 
 	if isHealthExtensionSet() {
 		health = &Health{
@@ -899,6 +900,19 @@ func resolveExtensions() Extensions {
 		}
 	}
 
+	if headersSetter != nil {
+		tokenValue = headersSetter.Headers[0].Value
+	}
+
+	_, err := os.Stat(tokenValue)
+	if err == nil {
+		token, fileErr := file.ReadFromFile(tokenValue)
+		if fileErr != nil {
+			slog.Error("error reading from file", "error", fileErr)
+		}
+		headersSetter.Headers[0].Value = token
+	}
+
 	return Extensions{
 		Health:        health,
 		HeadersSetter: headersSetter,
diff --git a/internal/config/config_test.go b/internal/config/config_test.go
index a0b369b10..21fac8357 100644
--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
@@ -5,7 +5,9 @@
 package config
 
 import (
+	_ "embed"
 	"errors"
+	"fmt"
 	"os"
 	"path"
 	"strings"
@@ -631,6 +633,61 @@ func TestValidateYamlFile(t *testing.T) {
 	}
 }
 
+//go:embed testdata/nginx-agent-with-token.conf
+var agentConfigWithToken string
+
+func getAgentConfigWithToken(token string) string {
+	return fmt.Sprintf(agentConfigWithToken, token)
+}
+
+func TestResolveExtensions(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    string
+		expected string
+	}{
+		{
+			name:     "Test 1: Header value is a valid token",
+			input:    "super-secret-token",
+			expected: "super-secret-token",
+		},
+		{
+			name:     "Test 2: Header value is a valid token path",
+			input:    "testdata/nginx-token.crt",
+			expected: "super-secret-token",
+		},
+		{
+			name:     "Test 3: Header value is empty",
+			input:    "",
+			expected: "",
+		},
+	}
+
+	viperInstance = viper.NewWithOptions(viper.KeyDelimiter(KeyDelimiter))
+	tempDir := t.TempDir()
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			tempFile := helpers.CreateFileWithErrorCheck(t, tempDir, "nginx-agent.conf")
+			defer helpers.RemoveFileWithErrorCheck(t, tempFile.Name())
+
+			confContent := []byte(getAgentConfigWithToken(tt.input))
+			_, writeErr := tempFile.Write(confContent)
+			require.NoError(t, writeErr)
+
+			err := loadPropertiesFromFile(tempFile.Name())
+			require.NoError(t, err)
+
+			extension := resolveExtensions()
+			require.NotNil(t, extension)
+			assert.Equal(t, tt.expected, extension.HeadersSetter.Headers[0].Value)
+
+			err = tempFile.Close()
+			require.NoError(t, err)
+		})
+	}
+}
+
 func getAgentConfig() *Config {
 	return &Config{
 		UUID:    "",
diff --git a/internal/config/testdata/nginx-agent-with-token.conf b/internal/config/testdata/nginx-agent-with-token.conf
new file mode 100644
index 000000000..fbcb23454
--- /dev/null
+++ b/internal/config/testdata/nginx-agent-with-token.conf
@@ -0,0 +1,10 @@
+log:
+  level: info
+  
+collector:
+    extensions:
+      headers_setter:
+        headers:
+          - action: insert
+            key: "authorization"
+            value: %s
diff --git a/internal/config/testdata/nginx-token.crt b/internal/config/testdata/nginx-token.crt
new file mode 100644
index 000000000..4b3786748
--- /dev/null
+++ b/internal/config/testdata/nginx-token.crt
@@ -0,0 +1 @@
+super-secret-token
diff --git a/nginx-agent.conf b/nginx-agent.conf
index d92004849..b67980261 100644
--- a/nginx-agent.conf
+++ b/nginx-agent.conf
@@ -27,4 +27,3 @@ allowed_directories:
 #    token: ""
 #  tls:
 #    skip_verify: false
-