diff --git a/pkg/uhttp/wrapper.go b/pkg/uhttp/wrapper.go
index 6befc8bbe..3a8d4d276 100644
--- a/pkg/uhttp/wrapper.go
+++ b/pkg/uhttp/wrapper.go
@@ -476,6 +476,16 @@ func (c *BaseHttpClient) Do(req *http.Request, options ...DoOption) (*http.Respo
 return resp, errors.Join(optErrs...)
 }

+var sensitiveStrings = []string{
+ "api-key",
+ "auth",
+ "cookie",
+ "proxy-authorization",
+ "set-cookie",
+ "x-forwarded-for",
+ "x-forwarded-proto",
+}
+
 func RedactSensitiveHeaders(h http.Header) http.Header {
 if h == nil {
 return nil
@@ -484,12 +494,10 @@ func RedactSensitiveHeaders(h http.Header) http.Header {
 for k, v := range h {
 sensitive := false
 headerKey := strings.ToLower(k)
- if strings.HasPrefix(headerKey, "auth") {
- sensitive = true
- } else {
- switch headerKey {
- case "set-cookie", "cookie", "x-auth-token", "x-api-key", "x-auth-user", "proxy-authorization":
+ for _, sensitiveString := range sensitiveStrings {
+ if strings.Contains(headerKey, sensitiveString) {
 sensitive = true
+ break
 }
 }

diff --git a/pkg/uhttp/wrapper_test.go b/pkg/uhttp/wrapper_test.go
index b77a3c668..808c2c931 100644
--- a/pkg/uhttp/wrapper_test.go
+++ b/pkg/uhttp/wrapper_test.go
@@ -529,6 +529,7 @@ func TestWrapper_RedactSensitiveHeaders(t *testing.T) {
 "X-Auth-Token": {"1234567890"},
 "X-Api-Key": {"1234567890"},
 "Proxy-Authorization": {"Basic 1234567890"},
+ "Custom-Api-Key": {"1234567890"},
 }
 redactedHeaders := RedactSensitiveHeaders(headers)
 require.Equal(t, http.Header{
@@ -540,5 +541,6 @@ func TestWrapper_RedactSensitiveHeaders(t *testing.T) {
 "X-Auth-Token": {"REDACTED"},
 "X-Api-Key": {"REDACTED"},
 "Proxy-Authorization": {"REDACTED"},
+ "Custom-Api-Key": {"REDACTED"},
 }, redactedHeaders)
 }
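Review bot: The `sensitiveStrings` slice has no entry for header names built on `token` or `secret`, so names such as `X-Amz-Security-Token`, `X-Vault-Token` or `PRIVATE-TOKEN` still pass through unredacted unless they happen to contain `auth`. Since the match is now a substring test, adding `"token",` and `"secret",` to the slice would cover that whole family. An un-hyphenated `apikey` spelling is likewise not caught by `"api-key"`. The entries `"set-cookie"` and `"proxy-authorization"` are already subsumed by `"cookie"` and `"auth"`; if they are kept for readability, a short comment saying so would prevent someone from assuming the list is matched exactly.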
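Review bot: The move from exact and prefix matching to `strings.Contains` in the inner loop means any header whose name merely contains `auth` or `cookie` (one containing `author`, for instance) is now redacted too, and nothing in the code records that this is intended. A comment above the inner loop would state the choice, e.g. `// Substring match on the lower-cased name: over-redacting a harmless header is acceptable, leaking a credential is not.` The outer `for k, v := range h` loop continues past the end of this hunk, so how `sensitive` is consumed is not visible here.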
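Review bot: The new fixture `Custom-Api-Key` exercises only the `api-key` entry. The headers this commit newly treats as sensitive, `X-Forwarded-For` and `X-Forwarded-Proto`, have no case in the visible part of the input map or of the expected map in the following hunk. Adding `"X-Forwarded-For": {"203.0.113.7"},` to the input and `"X-Forwarded-For": {"REDACTED"},` to the expectation would pin them (the address is a constructed documentation value). If the part of the maps outside these hunks has no header that must stay readable, such as `Content-Type`, asserting one is worthwhile, since substring matching makes over-redaction easy to introduce.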