diff --git a/src/BaGetter.Core/Configuration/MirrorOptions.cs b/src/BaGetter.Core/Configuration/MirrorOptions.cs
index 89a42da3..c13f60f9 100644
--- a/src/BaGetter.Core/Configuration/MirrorOptions.cs
+++ b/src/BaGetter.Core/Configuration/MirrorOptions.cs
@@ -70,6 +70,7 @@ public IEnumerable<ValidationResult> Validate(ValidationContext validationContex
                             [nameof(Authentication.Password)]);
                     }
                     break;
+
                 case MirrorAuthenticationType.Bearer:
                     if (string.IsNullOrEmpty(Authentication.Token))
                     {
@@ -78,12 +79,22 @@ public IEnumerable<ValidationResult> Validate(ValidationContext validationContex
                             [nameof(Authentication.Token)]);
                     }
                     break;
+
                 case MirrorAuthenticationType.Custom:
-                    if (Authentication.CustomHeaders?.Count == 0)
+                    if (Authentication.CustomHeaders == null)
                     {
                         yield return new ValidationResult(
                             $"The {nameof(Authentication.CustomHeaders)} configuration is required for custom authentication",
                             [nameof(Authentication.CustomHeaders)]);
+                        break;
+                    }
+
+                    if (Authentication.CustomHeaders.Count == 0)
+                    {
+                        yield return new ValidationResult(
+                            $"The {nameof(Authentication.CustomHeaders)} configuration has no headers defined." +
+                            $" Use \"{nameof(Authentication.Type)}\": \"{nameof(MirrorAuthenticationType.None)}\" instead if you intend you use no authentication.",
+                            [nameof(Authentication.CustomHeaders)]);
                     }
                     break;
             }