diff --git a/actix-web/CHANGES.md b/actix-web/CHANGES.md
index 8ea60266e..070d159b2 100644
--- a/actix-web/CHANGES.md
+++ b/actix-web/CHANGES.md
@@ -10,6 +10,7 @@
 ### Fixed
 - Add `Allow` header to `Resource`'s default responses when no routes are matched. [#2949]
+- Hide `Authorization` header in `HttpRequest` Debug output
 [#1961]: https://github.com/actix/actix-web/pull/1961
 [#2265]: https://github.com/actix/actix-web/pull/2265
diff --git a/actix-web/src/request.rs b/actix-web/src/request.rs
index ba2fe8844..3039a7326 100644
--- a/actix-web/src/request.rs
+++ b/actix-web/src/request.rs
@@ -445,6 +445,7 @@ impl fmt::Debug for HttpRequest {
 }
 writeln!(f, " headers:")?;
 for (key, val) in self.headers().iter() {
+ // Hide sensitive header from debug output
 if key != http::header::AUTHORIZATION {
 writeln!(f, " {:?}: {:?}", key, val)?;
 }
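Review bot: The filter inside the `for (key, val)` loop skips only `Authorization`, so `Cookie` and `Proxy-Authorization` values, which also carry credentials, still reach any log that formats an `HttpRequest` with `{:?}`. Consider widening the condition to `if key != http::header::AUTHORIZATION && key != http::header::PROXY_AUTHORIZATION && key != http::header::COOKIE {`. Omitting the line entirely also hides the fact that the header was sent; printing the header name with a fixed placeholder value would keep that signal for debugging without exposing the secret. The added comment could state which headers are skipped and why, for example `// Skip credential-bearing headers so tokens do not end up in logs`. The loop and the rest of `fmt` continue outside the hunk, so any handling after the loop is not visible here.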