diff --git a/actix-web/CHANGES.md b/actix-web/CHANGES.md
index 6395e3974..7e82d095a 100644
--- a/actix-web/CHANGES.md
+++ b/actix-web/CHANGES.md
@@ -10,6 +10,7 @@
 ### Changed
 
 - Handler functions can now receive up to 16 extractor parameters.
+- Hide sensitive header values in `HttpRequest`'s `Debug` output.
 - Minimum supported Rust version (MSRV) is now 1.65 due to transitive `time` dependency.
 
 ## 4.3.1 - 2023-02-26
@@ -18,11 +19,6 @@
 
 - Add support for custom methods with the `#[route]` macro. [#2969]
 
-### Fixed
-
-- Hide `Authorization` and `Proxy-Authorization` header in `HttpRequest` Debug output [#2953]
-
-[#2953]: https://github.com/actix/actix-web/pull/2953
 [#2969]: https://github.com/actix/actix-web/pull/2969
 
 ## 4.3.0 - 2023-01-21
diff --git a/actix-web/src/request.rs b/actix-web/src/request.rs
index d563afe29..ece36a388 100644
--- a/actix-web/src/request.rs
+++ b/actix-web/src/request.rs
@@ -435,24 +435,28 @@ impl fmt::Debug for HttpRequest {
 self.inner.head.method,
 self.path()
 )?;
+
 if !self.query_string().is_empty() {
 writeln!(f, " query: ?{:?}", self.query_string())?;
 }
+
 if !self.match_info().is_empty() {
 writeln!(f, " params: {:?}", self.match_info())?;
 }
+
 writeln!(f, " headers:")?;
+
 for (key, val) in self.headers().iter() {
- // Hide sensitive header from debug output
 match key {
+ // redact sensitive header values from debug output
 &crate::http::header::AUTHORIZATION
 | &crate::http::header::PROXY_AUTHORIZATION
- | &crate::http::header::COOKIE => {
- writeln!(f, " {:?}: {:?}", key, "*redacted*")?
- }
+ | &crate::http::header::COOKIE => writeln!(f, " {:?}: {:?}", key, "*redacted*")?,
 _ => writeln!(f, " {:?}: {:?}", key, val)?,
 }
 }
+
 Ok(())
 }
 }
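Review bot: The redaction in the `match key` block is a closed list of three header names, so a credential carried in any other request header (an application-specific API-key header, say) is still written in full by the `_ =>` arm; the only other protection is whatever `HeaderValue`'s own `Debug` impl does for values the application has flagged with `set_sensitive`, which as far as I recall prints `Sensitive` in place of the bytes, and this code neither sets that flag nor checks it. I would make that intent local rather than rely on the upstream impl by adding a guard arm before the catch-all, `_ if val.is_sensitive() => writeln!(f, "    {:?}: {:?}", key, "*redacted*")?,`, and note the limit at the match: `// closed list of names; other credential-bearing headers are printed unless their value is marked sensitive`. The enclosing `fmt` body starts before the hunk, so the signature is not visible here.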
@@ -931,7 +935,10 @@ mod tests {
 fn proxy_authorization_header_hidden_in_debug() {
 let proxy_authorization_header = "secret value";
 let req = TestRequest::get()
- .insert_header((crate::http::header::PROXY_AUTHORIZATION, proxy_authorization_header))
+ .insert_header((
+ crate::http::header::PROXY_AUTHORIZATION,
+ proxy_authorization_header,
+ ))
 .to_http_request();
 assert!(!format!("{:?}", req).contains(proxy_authorization_header));