diff --git a/editions/tw5.com/tiddlers/webserver/WebServer Header Authentication.tid b/editions/tw5.com/tiddlers/webserver/WebServer Header Authentication.tid
index 7f6a9a5a4..bfaf48592 100644
--- a/editions/tw5.com/tiddlers/webserver/WebServer Header Authentication.tid	
+++ b/editions/tw5.com/tiddlers/webserver/WebServer Header Authentication.tid	
@@ -8,6 +8,11 @@ Header authentication is a web integration technique enabling external entities
 
 Header authentication is activated if is configured via the [[authenticated-user-header|WebServer Parameter: authenticated-user-header]]
 
+
+!! 3rd Party Projects That Support This Mechanism
+
+Pomerium, and open-source proxy, has [[a guide|https://www.pomerium.com/docs/guides/tiddlywiki]] for adding authentication and authorization to a TiddlyWiki instance.
+
 !! Usage in SSO
 
-Header authentication is commonly used for "single sign on" in corporate environments. When doing header authentication, the user is not prompted for a username and password on TiddlyWiki. Instead, the user is required to login at a SSO proxy server. When the user authenticates themselves to the SSO proxy server, the proxy server redirects the user request to the TiddlyWiki server with this additional request header containing the username. Then TiddlyWiki server is able to use the value of this request header to identify the user.
\ No newline at end of file
+Header authentication is commonly used for "single sign on" in corporate environments. When doing header authentication, the user is not prompted for a username and password on TiddlyWiki. Instead, the user is required to login at a SSO proxy server. When the user authenticates themselves to the SSO proxy server, the proxy server redirects the user request to the TiddlyWiki server with this additional request header containing the username. Then TiddlyWiki server is able to use the value of this request header to identify the user.