diff --git a/authorize/evaluator/headers_evaluator.go b/authorize/evaluator/headers_evaluator.go
index f86a9a289..afb56248e 100644
--- a/authorize/evaluator/headers_evaluator.go
+++ b/authorize/evaluator/headers_evaluator.go
@@ -30,11 +30,11 @@ type HeadersRequest struct {
 // NewHeadersRequestFromPolicy creates a new HeadersRequest from a policy.
 func NewHeadersRequestFromPolicy(policy *config.Policy, hostname string) *HeadersRequest {
 	input := new(HeadersRequest)
+	input.Issuer = hostname
 	if policy != nil {
 		input.EnableGoogleCloudServerlessAuthentication = policy.EnableGoogleCloudServerlessAuthentication
 		input.EnableRoutingKey = policy.EnvoyOpts.GetLbPolicy() == envoy_config_cluster_v3.Cluster_RING_HASH ||
 			policy.EnvoyOpts.GetLbPolicy() == envoy_config_cluster_v3.Cluster_MAGLEV
-		input.Issuer = hostname
 		input.KubernetesServiceAccountToken = policy.KubernetesServiceAccountToken
 		for _, wu := range policy.To {
 			input.ToAudience = "https://" + wu.URL.Hostname()
diff --git a/authorize/evaluator/headers_evaluator_test.go b/authorize/evaluator/headers_evaluator_test.go
index fd02a517c..5891d50b0 100644
--- a/authorize/evaluator/headers_evaluator_test.go
+++ b/authorize/evaluator/headers_evaluator_test.go
@@ -36,6 +36,13 @@ func TestNewHeadersRequestFromPolicy(t *testing.T) {
 	}, req)
 }
 
+func TestNewHeadersRequestFromPolicy_nil(t *testing.T) {
+	req := NewHeadersRequestFromPolicy(nil, "from.example.com")
+	assert.Equal(t, &HeadersRequest{
+		Issuer: "from.example.com",
+	}, req)
+}
+
 func TestHeadersEvaluator(t *testing.T) {
 	type A = []interface{}
 	type M = map[string]interface{}