diff --git a/gcube-token-docker/pep.js.j2 b/gcube-token-docker/pep.js.j2
index 6865212..8a253a9 100644
--- a/gcube-token-docker/pep.js.j2
+++ b/gcube-token-docker/pep.js.j2
@@ -43,11 +43,15 @@ function enforce(r) {
       return context.request.subrequest("/_backend", { method : context.request.method, args : context.request.variables.args, headers : context.request.headersIn})
     }).then(reply=>{ 
       debug(context, "[REL] response status: " + reply.status)
+      copyHeaders(context, reply.headersOut, r.headersOut)
       closeAccountingRecord(context.record, (reply.status === 200 || reply.status === 201 || reply.status === 204))
       context.request.subrequest("/_accounting", { detached : true, body : JSON.stringify(context.record) })
       debug(context, njs.dump(reply))
-      context.request.headersOut['Content-type'] = "text/html"
-      r.return(reply.status, reply.responseText)
+      if(reply.status === 301 || reply.status === 302){
+        r.return(reply.status, reply.headersOut["Location"])
+      }else{
+        r.return(reply.status, reply.responseText)
+      } 
     }).catch(e => { log(context, "Error .... " + njs.dump(e)); context.request.return(e.message === "Unauthorized" ? 403 : 500)} )
   
     return
@@ -109,3 +113,9 @@ function exportVariable(context, name, value){
   context.request.variables[name] = value
   return context
 }
+
+function copyHeaders(context, hin, hout){
+  for (var h in hin) {
+    if(h !== "Location") hout[h] = hin[h];
+  }
+}