diff --git a/packages/nodes-base/nodes/HttpRequest/GenericFunctions.ts b/packages/nodes-base/nodes/HttpRequest/GenericFunctions.ts
index 07d25b8b49f25..c7ffe7451c073 100644
--- a/packages/nodes-base/nodes/HttpRequest/GenericFunctions.ts
+++ b/packages/nodes-base/nodes/HttpRequest/GenericFunctions.ts
@@ -1,11 +1,12 @@
 import type { SecureContextOptions } from 'tls';
-import type {
-	ICredentialDataDecryptedObject,
-	IDataObject,
-	INodeExecutionData,
-	INodeProperties,
-	IOAuth2Options,
-	IRequestOptions,
+import {
+	deepCopy,
+	type ICredentialDataDecryptedObject,
+	type IDataObject,
+	type INodeExecutionData,
+	type INodeProperties,
+	type IOAuth2Options,
+	type IRequestOptions,
 } from 'n8n-workflow';
 
 import set from 'lodash/set';
@@ -60,7 +61,12 @@ export function sanitizeUiMessage(
 	authDataKeys: IAuthDataSanitizeKeys,
 	secrets?: string[],
 ) {
-	let sendRequest = request as unknown as IDataObject;
+	const { body, ...rest } = request as IDataObject;
+
+	let sendRequest: IDataObject = { body };
+	for (const [key, value] of Object.entries(rest)) {
+		sendRequest[key] = deepCopy(value);
+	}
 
 	// Protect browser from sending large binary data
 	if (Buffer.isBuffer(sendRequest.body) && sendRequest.body.length > 250000) {
diff --git a/packages/nodes-base/nodes/HttpRequest/test/utils/utils.test.ts b/packages/nodes-base/nodes/HttpRequest/test/utils/utils.test.ts
index 0ad0bf35d19ca..04c11078935b1 100644
--- a/packages/nodes-base/nodes/HttpRequest/test/utils/utils.test.ts
+++ b/packages/nodes-base/nodes/HttpRequest/test/utils/utils.test.ts
@@ -93,7 +93,7 @@ describe('HTTP Node Utils', () => {
 			);
 		});
 
-		it('should remove keys that contain sensitive data', async () => {
+		it('should remove keys that contain sensitive data and do not modify requestOptions', async () => {
 			const requestOptions: IRequestOptions = {
 				method: 'POST',
 				uri: 'https://example.com',
@@ -115,6 +115,14 @@ describe('HTTP Node Utils', () => {
 				method: 'POST',
 				uri: 'https://example.com',
 			});
+
+			expect(requestOptions).toEqual({
+				method: 'POST',
+				uri: 'https://example.com',
+				body: { sessionToken: 'secret', other: 'foo' },
+				headers: { authorization: 'secret', other: 'foo' },
+				auth: { user: 'user', password: 'secret' },
+			});
 		});
 
 		it('should remove secrets', async () => {
@@ -125,7 +133,9 @@ describe('HTTP Node Utils', () => {
 				headers: { authorization: 'secretAccessToken', other: 'foo' },
 			};
 
-			expect(sanitizeUiMessage(requestOptions, {}, ['secretAccessToken'])).toEqual({
+			const sanitizedRequest = sanitizeUiMessage(requestOptions, {}, ['secretAccessToken']);
+
+			expect(sanitizedRequest).toEqual({
 				body: {
 					nested: {
 						secret: REDACTED,