diff --git a/testsuite/openshift/backend.py b/testsuite/openshift/backend.py
index 5a39fc5a..c3459f14 100644
--- a/testsuite/openshift/backend.py
+++ b/testsuite/openshift/backend.py
@@ -1,4 +1,5 @@
 """Backend for Openshift"""
+
 import abc
 
 from testsuite.lifecycle import LifecycleObject
diff --git a/testsuite/policy/dns_policy.py b/testsuite/policy/dns_policy.py
index f7f32cf1..5954515d 100644
--- a/testsuite/policy/dns_policy.py
+++ b/testsuite/policy/dns_policy.py
@@ -12,10 +12,18 @@
 
 
 @dataclass
-class HealthCheck:  # pylint: disable=invalid-name
+class AdditionalHeadersRef:
+    """Object representing DNSPolicy additionalHeadersRef field"""
+
+    name: str
+
+
+@dataclass
+class HealthCheck:  # pylint: disable=invalid-name,too-many-instance-attributes
     """Object representing DNSPolicy health check specification"""
 
     allowInsecureCertificates: Optional[bool] = None
+    additionalHeadersRef: Optional[AdditionalHeadersRef] = None
     endpoint: Optional[str] = None
     expectedResponses: Optional[list[int]] = None
     failureThreshold: Optional[int] = None
diff --git a/testsuite/tests/mgc/dnspolicy/health_check/test_additional_headers.py b/testsuite/tests/mgc/dnspolicy/health_check/test_additional_headers.py
new file mode 100644
index 00000000..0306d7ba
--- /dev/null
+++ b/testsuite/tests/mgc/dnspolicy/health_check/test_additional_headers.py
@@ -0,0 +1,63 @@
+"""Tests for DNSPolicy health checks - additional authentication headers sent with health check requests"""
+
+import pytest
+
+from testsuite.openshift.secret import Secret
+from testsuite.mockserver import MockserverBackend
+from testsuite.policy.dns_policy import HealthCheck, AdditionalHeadersRef
+
+pytestmark = [pytest.mark.mgc]
+
+HEADER_NAME = "test-header"
+HEADER_VALUE = "test-value"
+
+
+@pytest.fixture(scope="module")
+def backend(request, openshift, name, base_domain, blame, label):
+    """Use mockserver as backend for health check requests to verify additional headers"""
+    mockserver = MockserverBackend(openshift, f"http://{name}.{base_domain}", blame("mocksrv"), label)
+    request.addfinalizer(mockserver.delete)
+    mockserver.commit()
+
+    return mockserver
+
+
+@pytest.fixture(scope="module", autouse=True)
+def mockserver_backend_expectation(backend, route, module_label):  # pylint: disable=unused-argument
+    """Creates Mockserver Expectation which requires additional headers for successful request"""
+    backend.create_request_expectation(module_label, headers={HEADER_NAME: [HEADER_VALUE]})
+
+
+@pytest.fixture(scope="module")
+def headers_secret(request, hub_openshift, blame):
+    """Creates Secret with additional headers for DNSPolicy health check"""
+    secret_name = blame("headers")
+    headers_secret = Secret.create_instance(hub_openshift, secret_name, {HEADER_NAME: HEADER_VALUE})
+
+    request.addfinalizer(headers_secret.delete)
+    headers_secret.commit()
+    return secret_name
+
+
+@pytest.fixture(scope="module")
+def health_check(headers_secret, module_label):
+    """Returns healthy endpoint specification with additional authentication header for DNSPolicy health check"""
+    return HealthCheck(
+        allowInsecureCertificates=True,
+        additionalHeadersRef=AdditionalHeadersRef(name=headers_secret),
+        endpoint=f"/{module_label}",
+        interval="5s",
+        port=80,
+        protocol="http",
+    )
+
+
+def test_additional_headers(dns_health_probe, backend, module_label):
+    """Test if additional headers in health check requests are used"""
+    assert dns_health_probe.is_healthy()
+
+    requests = backend.retrieve_requests(module_label)
+    assert len(requests) > 0
+
+    request_headers = requests[0]["headers"]
+    assert request_headers.get(HEADER_NAME) == [HEADER_VALUE]