diff --git a/apps/emqx_utils/src/emqx_utils.erl b/apps/emqx_utils/src/emqx_utils.erl
index c7888cd36..7748ff65e 100644
--- a/apps/emqx_utils/src/emqx_utils.erl
+++ b/apps/emqx_utils/src/emqx_utils.erl
@@ -579,15 +579,18 @@ try_to_existing_atom(Convert, Data, Encoding) ->
 _:Reason -> {error, Reason}
 end.
-is_sensitive_key(token) -> true;
-is_sensitive_key("token") -> true;
-is_sensitive_key(<<"token">>) -> true;
 is_sensitive_key(authorization) -> true;
 is_sensitive_key("authorization") -> true;
 is_sensitive_key(<<"authorization">>) -> true;
+is_sensitive_key(aws_secret_access_key) -> true;
+is_sensitive_key("aws_secret_access_key") -> true;
+is_sensitive_key(<<"aws_secret_access_key">>) -> true;
 is_sensitive_key(password) -> true;
 is_sensitive_key("password") -> true;
 is_sensitive_key(<<"password">>) -> true;
+is_sensitive_key('proxy-authorization') -> true;
+is_sensitive_key("proxy-authorization") -> true;
+is_sensitive_key(<<"proxy-authorization">>) -> true;
 is_sensitive_key(secret) -> true;
 is_sensitive_key("secret") -> true;
 is_sensitive_key(<<"secret">>) -> true;
@@ -597,9 +600,9 @@ is_sensitive_key(<<"secret_key">>) -> true;
 is_sensitive_key(security_token) -> true;
 is_sensitive_key("security_token") -> true;
 is_sensitive_key(<<"security_token">>) -> true;
-is_sensitive_key(aws_secret_access_key) -> true;
-is_sensitive_key("aws_secret_access_key") -> true;
-is_sensitive_key(<<"aws_secret_access_key">>) -> true;
+is_sensitive_key(token) -> true;
+is_sensitive_key("token") -> true;
+is_sensitive_key(<<"token">>) -> true;
 is_sensitive_key(_) -> false.
 redact(Term) ->
@@ -710,9 +713,14 @@ redact_test_() ->
 Types = [atom, string, binary],
 Keys = [
- token,
+ authorization,
+ aws_secret_access_key,
 password,
- secret
+ 'proxy-authorization',
+ secret,
+ secret_key,
+ security_token,
+ token
 ],
 [{case_name(Type, Key), fun() -> Case(Type, Key) end} || Key <- Keys, Type <- Types].
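Review bot: The new `'proxy-authorization'` clauses in the first hunk, like the existing `authorization` ones, match only the exact lower-case spelling, while HTTP header names are case-insensitive, so a header supplied as `Proxy-Authorization` would fall through to `is_sensitive_key(_) -> false` and reach the log unredacted. Whether callers lower-case header names before redaction is not visible in this diff, so that is worth confirming for the HTTP connector path. If they do not, a clause ahead of the catch-all such as `is_sensitive_key(K) when is_binary(K) -> L = string:lowercase(K), L =/= K andalso is_sensitive_key(L);` (plus a list equivalent) would close the gap; keys can be arbitrary binaries, so the `string:lowercase/1` call should be guarded against input that is not valid text. The `Keys` list in the `redact_test_/0` hunk has the same blind spot, since it exercises only lower-case keys, and a mixed-case case such as `<<"Proxy-Authorization">>` would pin the behaviour. The clause list of `is_sensitive_key/1` continues past the first hunk; the `secret_key` clauses sit between the hunks and the catch-all is in the second one.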
diff --git a/changes/ce/fix-10994.en.md b/changes/ce/fix-10994.en.md
new file mode 100644
index 000000000..803646be6
--- /dev/null
+++ b/changes/ce/fix-10994.en.md
@@ -0,0 +1 @@
+Redact `proxy-authorization` headers as used by HTTP connector to not leak secrets into log-files.