diff --git a/aws-es-proxy.go b/aws-es-proxy.go
index e9729ee2..f1f588ef 100644
--- a/aws-es-proxy.go
+++ b/aws-es-proxy.go
@@ -10,6 +10,7 @@ import (
 	"io/ioutil"
 	"log"
 	"net/http"
+	"net/http/cookiejar"
 	"net/http/httputil"
 	"net/url"
 	"os"
@@ -27,6 +28,7 @@ import (
 	v4 "github.com/aws/aws-sdk-go/aws/signer/v4"
 	"github.com/sirupsen/logrus"
 	"go.mongodb.org/mongo-driver/bson/primitive"
+	"golang.org/x/net/publicsuffix"
 )
 
 func logger(debug bool) {
@@ -96,9 +98,15 @@ func newProxy(args ...interface{}) *proxy {
 		return http.ErrUseLastResponse
 	}
 
+	jar, err := cookiejar.New(&cookiejar.Options{PublicSuffixList: publicsuffix.List})
+	if err != nil {
+		log.Fatal(err)
+	}
+
 	client := http.Client{
 		Timeout:       time.Duration(args[5].(int)) * time.Second,
 		CheckRedirect: noRedirect,
+		Jar:           jar,
 	}
 
 	return &proxy{
@@ -420,6 +428,10 @@ func addHeaders(src, dest http.Header) {
 	if val, ok := src["Kbn-Xsrf"]; ok {
 		dest.Add("Kbn-Xsrf", val[0])
 	}
+
+	if val, ok := src["Authorization"]; ok {
+		dest.Add("Authorization", val[0])
+	}
 }
 
 // Signer.Sign requires a "seekable" body to sum body's sha256
diff --git a/go.mod b/go.mod
index f160463a..33162ef8 100644
--- a/go.mod
+++ b/go.mod
@@ -6,5 +6,6 @@ require (
 	github.com/aws/aws-sdk-go v1.30.4
 	github.com/sirupsen/logrus v1.4.2
 	go.mongodb.org/mongo-driver v1.3.1
+	golang.org/x/net v0.0.0-20200202094626-16171245cfb2
 	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
 )