Update validate-jwt-policy.md

tomkerkhove · web-flow · commit 807f8954f722 · 2023-08-24T13:47:30.000+02:00
diff --git a/articles/api-management/validate-jwt-policy.md b/articles/api-management/validate-jwt-policy.md
@@ -121,6 +121,7 @@ The `validate-jwt` policy enforces existence and validity of a supported JSON we
 * The policy supports tokens encrypted with symmetric keys using the following encryption algorithms: A128CBC-HS256, A192CBC-HS384, A256CBC-HS512.
 * To configure the policy with one or more OpenID configuration endpoints for use with a self-hosted gateway, the OpenID configuration endpoints URLs must also be reachable by the cloud gateway.
 * You can use access restriction policies in different scopes for different purposes. For example, you can secure the whole API with Azure AD authentication by applying the `validate-jwt` policy on the API level, or you can apply it on the API operation level and use `claims` for more granular control.
+* When using a custom header (`header-name`), the header value cannot be prefixed with `Bearer ` and should be removed.
 
 
 ## Examples
