diff --git a/api/v1alpha1/jwt_types.go b/api/v1alpha1/jwt_types.go
index 43e22274338..ac65254e1e7 100644
--- a/api/v1alpha1/jwt_types.go
+++ b/api/v1alpha1/jwt_types.go
@@ -85,6 +85,10 @@ type ClaimToHeader struct {
 	// (eg. "claim.nested.key", "sub"). The nested claim name must use dot "."
 	// to separate the JSON name path.
 	Claim string `json:"claim"`
+
+	// UseForRouting must be enabled if this header generated from the claim should be used for
+	// route matching decisions
+	UseForRouting *bool `json:"useForRouting,omitempty"`
 }
 
 // JWTExtractor defines a custom JWT token extraction from HTTP request.
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index d38d710885d..512878682d5 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -366,6 +366,11 @@ func (in *CircuitBreaker) DeepCopy() *CircuitBreaker {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ClaimToHeader) DeepCopyInto(out *ClaimToHeader) {
 	*out = *in
+	if in.UseForRouting != nil {
+		in, out := &in.UseForRouting, &out.UseForRouting
+		*out = new(bool)
+		**out = **in
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClaimToHeader.
@@ -2024,7 +2029,9 @@ func (in *JWTProvider) DeepCopyInto(out *JWTProvider) {
 	if in.ClaimToHeaders != nil {
 		in, out := &in.ClaimToHeaders, &out.ClaimToHeaders
 		*out = make([]ClaimToHeader, len(*in))
-		copy(*out, *in)
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
 	}
 	if in.ExtractFrom != nil {
 		in, out := &in.ExtractFrom, &out.ExtractFrom
diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
index 07cfc0dc8ba..8609104dee4 100644
--- a/site/content/en/latest/api/extension_types.md
+++ b/site/content/en/latest/api/extension_types.md
@@ -245,6 +245,7 @@ _Appears in:_
 | ---   | ---  | ---      | ---         |
 | `header` | _string_ |  true  | Header defines the name of the HTTP request header that the JWT Claim will be saved into. |
 | `claim` | _string_ |  true  | Claim is the JWT Claim that should be saved into the header : it can be a nested claim of type (eg. "claim.nested.key", "sub"). The nested claim name must use dot "." to separate the JSON name path. |
+| `useForRouting` | _boolean_ |  true  | UseForRouting must be enabled if this header generated from the claim should be used for route matching decisions |
 
 
 #### ClientIPDetectionSettings