diff --git a/packages/theme/src/cli/utilities/theme-environment/proxy.ts b/packages/theme/src/cli/utilities/theme-environment/proxy.ts
index 197ff16d1a..d228837ef6 100644
--- a/packages/theme/src/cli/utilities/theme-environment/proxy.ts
+++ b/packages/theme/src/cli/utilities/theme-environment/proxy.ts
@@ -306,15 +306,19 @@ export function proxyStorefrontRequest(event: H3Event, ctx: DevServerContext): P
   const headers = getProxyStorefrontHeaders(event)
   const body = getRequestWebStream(event)
 
-  const finalHeaders = cleanHeader({
+  const baseHeaders: {[key: string]: string} = {
     ...headers,
     ...defaultHeaders(),
-    Authorization: `Bearer ${ctx.session.storefrontToken}`,
-    // Required header for CDN requests
     referer: url.origin,
-    // Update the cookie with the latest session
     Cookie: buildCookies(ctx.session, {headers}),
-  })
+  }
+
+  // Only include Authorization for theme dev, not theme-extensions
+  if (ctx.type === 'theme') {
+    baseHeaders.Authorization = `Bearer ${ctx.session.storefrontToken}`
+  }
+
+  const finalHeaders = cleanHeader(baseHeaders)
 
   // eslint-disable-next-line no-restricted-globals
   return fetch(url, {
diff --git a/packages/theme/src/cli/utilities/theme-environment/theme-environment.test.ts b/packages/theme/src/cli/utilities/theme-environment/theme-environment.test.ts
index cd2139c5ab..02508a5ee6 100644
--- a/packages/theme/src/cli/utilities/theme-environment/theme-environment.test.ts
+++ b/packages/theme/src/cli/utilities/theme-environment/theme-environment.test.ts
@@ -872,7 +872,6 @@ describe('setupDevServer', () => {
           headers: expect.objectContaining({
             referer,
             'User-Agent': expect.stringContaining('Shopify CLI'),
-            Authorization: expect.stringContaining('Bearer'),
           }),
         }),
       )