diff --git a/packages/core/src/tools/create-logger.js b/packages/core/src/tools/create-logger.js
index 89d5e749b..a5883e747 100644
--- a/packages/core/src/tools/create-logger.js
+++ b/packages/core/src/tools/create-logger.js
@@ -123,7 +123,7 @@ const toStdout = (event, msg, data) => {
 const attemptFindSecretsInStr = (s, isGettingNewSecret) => {
   let parsedRespContent;
   try {
-    parsedRespContent = JSON.parse(s);
+    parsedRespContent = JSON.parse(s) || {};
   } catch {
     return [];
   }
diff --git a/packages/core/test/logger.js b/packages/core/test/logger.js
index 8a9444b58..a49907ae9 100644
--- a/packages/core/test/logger.js
+++ b/packages/core/test/logger.js
@@ -335,6 +335,39 @@ describe('logger', () => {
     ]);
   });
 
+  it('should leave response content of null uncensored', async () => {
+    const event = {
+      method: 'authentication.sessionConfig.perform',
+    };
+    const logger = createlogger(event, options);
+
+    const { message, data } = prepareTestRequest({
+      resBody: JSON.stringify(null),
+    });
+
+    await logger(message, data);
+    const response = await logger.end(1000);
+    response.status.should.eql(200);
+
+    response.content.logs.should.deepEqual([
+      {
+        message: '200 POST http://example.com',
+        data: {
+          log_type: 'http',
+          request_type: 'devplatform-outbound',
+          request_url: 'http://example.com',
+          request_method: 'POST',
+          request_headers: 'accept: application/json',
+          request_data: '{}',
+          request_via_client: true,
+          response_status_code: 200,
+          response_headers: 'content-type: application/json',
+          response_content: 'null',
+        },
+      },
+    ]);
+  });
+
   it('should handle missing bits of the request/response', async () => {
     // this test should, as closely as possible, match what we actually log after an http request from z.request
     const bundle = {