Bypassing zero trust based on existing headers

We ran into an issue where webhook URL endpoints we have are not reachable by 3rd parties trying to access our endpoints. I see a service token can be generated and added to an incoming request so that CF zero trust can be bypassed. I’m wondering if there is a way Cloudflare can detect if some headers already exist and based on the header and the value CF zero trust can be bypassed. Not all 3rd parties have the ability to add custom headers so the service token isn’t working for us in many cases.