Nicolas, thank you for your response but I really do not wish to use the Route to Http(s) assertion since it is part of a reusable policy fragment where some consumers will need the basic auth header Below is an attachment of what I am trying to do but not sure why it seems not to be working.