diff --git a/apps/server/src/routes/error_handlers.ts b/apps/server/src/routes/error_handlers.ts
index af58be82f1..9df5f9c283 100644
--- a/apps/server/src/routes/error_handlers.ts
+++ b/apps/server/src/routes/error_handlers.ts
@@ -15,7 +15,10 @@ function register(app: Application) {
 && err.code === "EBADCSRFTOKEN";
 if (isCsrfTokenError) {
- log.error(`Invalid CSRF token: ${req.headers["x-csrf-token"]}, secret: ${req.cookies[CSRF_COOKIE_NAME]}`);
+ const csrfHeader = req.headers["x-csrf-token"];
+ const csrfHeaderPrefix = typeof csrfHeader === "string" ? csrfHeader.slice(0, 8) : undefined;
+ const tokenInfo = csrfHeaderPrefix ? ` (token prefix: ${csrfHeaderPrefix})` : "";
+ log.error(`Invalid CSRF token on ${req.method} ${req.url}${tokenInfo}`);
 return next(new ForbiddenError("Invalid CSRF token"));
 }
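Review bot: The new `log.error` line writes `req.url` verbatim, and that includes the query string, so any credential or share token carried as a URL parameter on a CSRF-rejected request lands in the log, which is the kind of leak this change is removing. Logging the path alone keeps the diagnostic value: `log.error(`Invalid CSRF token on ${req.method} ${req.path}${tokenInfo}`);`. The eight-character prefix comes from a client-supplied header, so a short comment above `csrfHeaderPrefix` would help, for example `// Prefix only: enough to correlate with client-side logs, never the full token or the cookie secret.` The handler body starts and ends outside this hunk, so whether `log.error` escapes control characters could not be checked here.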