diff --git a/integration/hurl/tests_ok/follow_redirect.py b/integration/hurl/tests_ok/follow_redirect.py
index 3543e89ce5d..2f619fa719b 100644
--- a/integration/hurl/tests_ok/follow_redirect.py
+++ b/integration/hurl/tests_ok/follow_redirect.py
@@ -37,3 +37,14 @@ def followed_redirect_post():
 @app.route("/follow-redirect-308", methods=["POST"])
 def follow_redirect_308():
 return redirect("http://localhost:8000/followed-redirect-post", code=308)
+
+
+@app.route("/follow-redirect-basic-auth")
+def follow_redirect_basic_auth():
+ return redirect("http://127.0.0.1:8000/followed-redirect-basic-auth")
+
+
+@app.route("/followed-redirect-basic-auth")
+def followed_redirect_basic_auth():
+ assert "Authorization" not in request.headers
+ return "Followed redirect Basic Auth!"
diff --git a/integration/hurl/tests_ok/follow_redirect_option.hurl b/integration/hurl/tests_ok/follow_redirect_option.hurl
index 15fb9a2b4f4..d59b677c24f 100644
--- a/integration/hurl/tests_ok/follow_redirect_option.hurl
+++ b/integration/hurl/tests_ok/follow_redirect_option.hurl
@@ -44,3 +44,13 @@ HTTP 200
 [Asserts]
 header "Location" not exists
 `Followed redirect POST!`
+
+# Do not forward authorization header by default toa different host
+GET http://localhost:8000/follow-redirect-basic-auth
+Authorization: Basic Ym9iQGVtYWlsLmNvbTpzZWNyZXQ=
+[Options]
+location: true
+HTTP 200
+[Asserts]
+header "Location" not exists
+`Followed redirect Basic Auth!`
diff --git a/integration/hurl/tests_ok/follow_redirect_option.out b/integration/hurl/tests_ok/follow_redirect_option.out
index 8cf3b25c1fb..b1f20579e6c 100644
--- a/integration/hurl/tests_ok/follow_redirect_option.out
+++ b/integration/hurl/tests_ok/follow_redirect_option.out
@@ -1 +1 @@
-Followed redirect POST!
\ No newline at end of file
+Followed redirect Basic Auth!
\ No newline at end of file
diff --git a/packages/hurl/src/http/client.rs b/packages/hurl/src/http/client.rs
index e06ed3227e7..d8ad9fe546f 100644
--- a/packages/hurl/src/http/client.rs
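Review bot: The guard in followed_redirect_basic_auth is an `assert`, which the interpreter strips under `-O`, so the endpoint would then answer 200 even when the client forwarded the credential and the hurl test would pass vacuously. Report a leaked header with an explicit status so the failure does not depend on interpreter flags, e.g. `if "Authorization" in request.headers:` / `    return "Authorization header was forwarded", 403`. Since the target differs from the origin only as `127.0.0.1` versus `localhost`, it is also worth adding a same-host endpoint so the server side can distinguish "stripped on cross-host redirect" from "stripped on every redirect".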
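Review bot: The new entry only proves the header is absent after a `localhost` → `127.0.0.1` hop; there is no sibling request that redirects to the same host, so the file would pass equally well if the client dropped `Authorization` on every redirect, which is not what the comment claims. Add a same-host `location: true` request with its own assertion on whether the header survives (whichever behaviour is intended), and fix the comment typo: `# Do not forward Authorization header by default to a different host`. The request sets a literal `Authorization:` header; if hurl also offers a separate basic-auth option that is handed to libcurl rather than sent as a header, that path is not exercised here and should be checked separately.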
+++ b/packages/hurl/src/http/client.rs
@@ -127,10 +127,17 @@ impl Client {
 }
 }
 let redirect_method = get_redirect_method(status, request_spec.method);
+ // TODO: add --location-trusted option to forward Authorization header explicitly
+ let headers = request_spec
+ .headers
+ .iter()
+ .filter(|header| header.name.to_lowercase() != "authorization")
+ .cloned()
+ .collect::>();
 request_spec = RequestSpec {
 method: redirect_method,
 url: redirect_url,
- headers: request_spec.headers,
+ headers,
 ..Default::default()
 };
 }
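Review bot: The filter removes `Authorization` on every redirect, not only when `redirect_url` points at a different origin, so a same-host hop behind Basic Auth (e.g. `/api` → `/api/`) now arrives without credentials and will typically fail with 401; this is stricter than curl's `--location`, which keeps the header on same-host redirects and drops it only cross-host, with `--location-trusted` as the opt-in the TODO mentions. Compute whether `redirect_url` shares scheme, host and port with `request_spec.url` (the exact accessors depend on the URL type, which is not visible here) and make the predicate `same_origin || !header.name.eq_ignore_ascii_case("authorization")`; header names are ASCII, so `eq_ignore_ascii_case` is also more precise than `to_lowercase() !=` and avoids an allocation per header. The comment should state the rule being enforced rather than only the TODO, e.g. `// Never forward credentials to a different origin on redirect (credential leak); --location-trusted is the opt-in`. The turbofish on the collect line appears garbled by the page rendering (`::>()`), presumably `::<Vec<_>>()` in the source, and the redirect loop this sits in starts before the hunk.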