diff --git a/package-lock.json b/package-lock.json
index 05ffa1a..3392fc8 100755
--- a/package-lock.json
+++ b/package-lock.json
@@ -21,6 +21,7 @@
         "react-error-boundary": "^4.0.13",
         "react-icons": "^5.2.1",
         "react-router-dom": "^6.25.1",
+        "register-service-worker": "^1.7.2",
         "swr": "^2.2.5"
       },
       "devDependencies": {
@@ -6082,6 +6083,12 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/register-service-worker": {
+      "version": "1.7.2",
+      "resolved": "https://registry.npmjs.org/register-service-worker/-/register-service-worker-1.7.2.tgz",
+      "integrity": "sha512-CiD3ZSanZqcMPRhtfct5K9f7i3OLCcBBWsJjLh1gW9RO/nS94sVzY59iS+fgYBOBqaBpf4EzfqUF3j9IG+xo8A==",
+      "license": "MIT"
+    },
     "node_modules/requires-port": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz",
@@ -11344,6 +11351,11 @@
         "set-function-name": "^2.0.1"
       }
     },
+    "register-service-worker": {
+      "version": "1.7.2",
+      "resolved": "https://registry.npmjs.org/register-service-worker/-/register-service-worker-1.7.2.tgz",
+      "integrity": "sha512-CiD3ZSanZqcMPRhtfct5K9f7i3OLCcBBWsJjLh1gW9RO/nS94sVzY59iS+fgYBOBqaBpf4EzfqUF3j9IG+xo8A=="
+    },
     "requires-port": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz",
diff --git a/package.json b/package.json
index 5cec910..08938eb 100755
--- a/package.json
+++ b/package.json
@@ -25,6 +25,7 @@
     "react-error-boundary": "^4.0.13",
     "react-icons": "^5.2.1",
     "react-router-dom": "^6.25.1",
+    "register-service-worker": "^1.7.2",
     "swr": "^2.2.5"
   },
   "devDependencies": {
diff --git a/public/worker.js b/public/worker.js
index 54c711a..5137ac8 100644
--- a/public/worker.js
+++ b/public/worker.js
@@ -17,7 +17,10 @@ self.addEventListener("activate", (event) => {
 self.addEventListener("message", (event) => {
   if (event.data && event.data.type === "SET_TOKEN") {
     accessToken = event.data.token;
-    console.log("Access token received by Service Worker:", accessToken);
+    console.log(
+      "Access token received by Service Worker, public:",
+      accessToken
+    );
   }
 });
 
diff --git a/src/main.jsx b/src/main.jsx
index 38b96aa..3e553b5 100755
--- a/src/main.jsx
+++ b/src/main.jsx
@@ -20,14 +20,14 @@ const router = createBrowserRouter(
 const stored_token = localStorage.getItem("token");
 const token = keycloak.token ? keycloak.token : stored_token;
 
-const base_url = import.meta.env.PROD ? "/search/worker.js" : "/worker.js";
+// const base_url = import.meta.env.PROD ? "/search/worker.js" : "/worker.js";
 
-console.log("base url", base_url);
+// console.log("base url", base_url);
 
 if ("serviceWorker" in navigator) {
   window.addEventListener("load", () => {
     navigator.serviceWorker
-      .register(base_url, { scope: "/" })
+      .register("/worker.js")
       .then((registration) => {
         console.log(
           "Service Worker registered with scope: ",
diff --git a/src/worker.js b/src/worker.js
new file mode 100644
index 0000000..063d3e9
--- /dev/null
+++ b/src/worker.js
@@ -0,0 +1,56 @@
+let accessToken = null;
+
+self.addEventListener("install", (event) => {
+  event.waitUntil(
+    caches.open("static-v1").then((cache) => {
+      return cache.addAll(["/", "/index.html"]);
+    })
+  );
+  self.skipWaiting();
+});
+
+self.addEventListener("activate", (event) => {
+  event.waitUntil(clients.claim());
+  console.log("Service worker activated");
+});
+
+self.addEventListener("message", (event) => {
+  if (event.data && event.data.type === "SET_TOKEN") {
+    accessToken = event.data.token;
+    console.log("Access token received by Service Worker, root:", accessToken);
+  }
+});
+
+function isGeneratedImage(url) {
+  return url.pathname == "/db/download";
+}
+
+self.addEventListener("fetch", (event) => {
+  const { request } = event;
+  const url = new URL(event.request.url);
+
+  if (
+    accessToken &&
+    url.origin.startsWith("https://") &&
+    url.origin.endsWith(".ideaconsult.net") &&
+    request.method === "GET" &&
+    isGeneratedImage(url) &&
+    url.origin !== "https://iam.ideaconsult.net" &&
+    url.origin !== "https://idp.ideaconsult.net" &&
+    request.destination === "image" &&
+    event.request.headers["Authorization"] == undefined
+  ) {
+    const authRequest = new Request(request, {
+      headers: new Headers({
+        ...request.headers,
+        Authorization: `Bearer ${accessToken}`,
+      }),
+      mode: "cors",
+    });
+    event.respondWith(fetch(authRequest));
+    console.log("with token");
+  } else {
+    event.respondWith(fetch(request));
+    console.log("without token");
+  }
+});