diff --git a/recovery.go b/recovery.go
index 515f9d2adc..88c94e49dd 100644
--- a/recovery.go
+++ b/recovery.go
@@ -73,12 +73,7 @@ func CustomRecoveryWithWriter(out io.Writer, handle RecoveryFunc) HandlerFunc {
 stack := stack(3)
 httpRequest, _ := httputil.DumpRequest(c.Request, false)
 headers := strings.Split(string(httpRequest), "\r\n")
- for idx, header := range headers {
- current := strings.Split(header, ":")
- if current[0] == "Authorization" {
- headers[idx] = current[0] + ": *"
- }
- }
+ maskAuthorization(&headers)
 headersToStr := strings.Join(headers, "\r\n")
 if brokenPipe {
 logger.Printf("%s\n%s%s", err, headersToStr, reset)
@@ -134,6 +129,16 @@ func stack(skip int) []byte {
 return buf.Bytes()
 }
 
+// maskAuthorization replaces any "Authorization: " header with "Authorization: *", hiding sensitive credentials.
+func maskAuthorization(headers *[]string) {
+ for idx, header := range *headers {
+ current := strings.Split(header, ":")
+ if current[0] == "Authorization" {
+ (*headers)[idx] = current[0] + ": *"
+ }
+ }
+}
+
 // source returns a space-trimmed slice of the n'th line.
 func source(lines [][]byte, n int) []byte {
 n-- // in stack trace, lines are 1-indexed but our array is 0-indexed
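Review bot: Passing `&headers` at the new call site is more indirection than the helper needs. It only assigns to existing elements and never appends or reslices, so a plain `[]string` shares the same backing array and the masked entries still reach the `strings.Join` on the following line. I would call `maskAuthorization(headers)` and declare `func maskAuthorization(headers []string)` with `headers[idx] = current[0] + ": *"` in the body (second hunk). The body of CustomRecoveryWithWriter starts and ends outside this hunk.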
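Review bot: The doc comment on `maskAuthorization` says it hides sensitive credentials, but the exact match `current[0] == "Authorization"` leaves every other credential-bearing request header in the panic log, `Cookie` and `Proxy-Authorization` at least. The comparison is also case-sensitive, so it depends on the dumped header keys being in canonical form; a key written into the header map in another casing would presumably go unmasked. I would compare the name case-insensitively against a short list of headers and reword the comment to name exactly what is masked. Application-specific API-key headers would still need a caller-side decision.

```go
// maskAuthorization replaces the value of the Authorization,
// Proxy-Authorization and Cookie request headers with "*".
func maskAuthorization(headers *[]string) {
	for idx, header := range *headers {
		name := strings.Split(header, ":")[0]
		if strings.EqualFold(name, "Authorization") ||
			strings.EqualFold(name, "Proxy-Authorization") ||
			strings.EqualFold(name, "Cookie") {
			(*headers)[idx] = name + ": *"
		}
	}
}
```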