diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 59f4ab2406..ad8cb12637 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -13,6 +13,8 @@ Fixed
 * Bumped `paramiko` to `2.10.5` to fix an issue with SSH Certs - https://github.com/paramiko/paramiko/issues/2017 Contributed by @jk464
+* Avoid logging sensitive information in debug (fix #5977)
+
 Added
 ~~~~~
diff --git a/st2common/st2common/router.py b/st2common/st2common/router.py
index ff4a9866f5..1200044fd6 100644
--- a/st2common/st2common/router.py
+++ b/st2common/st2common/router.py
@@ -328,7 +328,12 @@ def __call__(self, req):
 At the time of writing, the only property being utilized by middleware was `x-log-result`. """
- LOG.debug("Received call with WebOb: %s", req)
+ LOG.debug("Received call with WebOb: %s %s", req.method, req.url)
+ # if a more detailed log is required:
+ # loggable_req = req.copy()
+ # loggable_req.headers.pop('Authorization', None)
+ # loggable_req.headers.pop('X-Request-Id', None)
+ # LOG.debug("Received call with WebOb: %s", loggable_req)
 endpoint, path_vars = self.match(req)
 LOG.debug("Parsed endpoint: %s", endpoint)
 LOG.debug("Parsed path_vars: %s", path_vars)
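Review bot: `req.url` on the new `LOG.debug` line in `router.py` still carries the query string, so a credential supplied as a query parameter (if this API accepts tokens or API keys that way) would keep reaching the debug log; logging only the path closes that gap: `LOG.debug("Received call with WebOb: %s %s", req.method, req.path_url)`. The commented-out fallback below it strips only `Authorization` and `X-Request-Id`, while formatting the copied request would presumably still emit the body and any other credential-bearing header such as `Cookie`, so whoever uncomments it reintroduces the leak. I would drop that block or replace it with a one-line comment stating that the full request must not be logged without an explicit allow-list of headers. `__call__` starts before and continues after this hunk, so the remaining log statements in it were not reviewed here.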