diff --git a/packages/cli-kit/src/private/node/api/headers.test.ts b/packages/cli-kit/src/private/node/api/headers.test.ts
index 453dfd759b..2588dc7719 100644
--- a/packages/cli-kit/src/private/node/api/headers.test.ts
+++ b/packages/cli-kit/src/private/node/api/headers.test.ts
@@ -99,6 +99,28 @@ describe('common API methods', () => {
 - Content-Type: application/json"
 `)
 })
+
+ test('sanitizedHeadersOutput redacts AUTHORIZATION even when toLocaleLowerCase returns dotless i (Turkish locale simulation)', () => {
+ // Given
+ const headers = {
+ AUTHORIZATION: 'secret-token',
+ }
+
+ // Simulate Turkish locale where 'I' becomes 'ı' (dotless i)
+ // 'AUTHORIZATION'.toLocaleLowerCase() -> 'authorızatıon'
+ const toLocaleLowerCaseSpy = vi.spyOn(String.prototype, 'toLocaleLowerCase').mockReturnValue('authorızatıon')
+
+ try {
+ // When
+ const got = sanitizedHeadersOutput(headers)
+
+ // Then
+ expect(got).not.toContain('AUTHORIZATION: secret-token')
+ expect(got).not.toContain('secret-token')
+ } finally {
+ toLocaleLowerCaseSpy.mockRestore()
+ }
+ })
 })
 
 describe('GraphQLClientError', () => {
diff --git a/packages/cli-kit/src/private/node/api/headers.ts b/packages/cli-kit/src/private/node/api/headers.ts
index 37145ac9c8..77c434e2b3 100644
--- a/packages/cli-kit/src/private/node/api/headers.ts
+++ b/packages/cli-kit/src/private/node/api/headers.ts
@@ -35,7 +35,7 @@ export function sanitizedHeadersOutput(headers: Record): string
 const sanitized: Record = {}
 const keywords = ['token', 'authorization', 'subject_token', 'cookie']
 Object.keys(headers).forEach((header) => {
- if (keywords.find((keyword) => header.toLocaleLowerCase().includes(keyword)) === undefined) {
+ if (keywords.find((keyword) => header.toLowerCase().includes(keyword)) === undefined) {
 sanitized[header] = headers[header]!
 }
 })
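Review bot: The new test in headers.test.ts only asserts absence, so it would also pass if `sanitizedHeadersOutput` returned an empty string, and its fixture covers `AUTHORIZATION` but not `COOKIE`, which contains the same capital `I`. Extend the `headers` fixture with `COOKIE: 'session-value', 'Content-Type': 'application/json'`. Then assert `expect(got).toContain('Content-Type: application/json')` next to `expect(got).not.toContain('session-value')`, so the test proves that redaction is selective and that the second affected keyword is covered. Note that `mockReturnValue` replaces `toLocaleLowerCase` for every string in the process while the spy is active; the `finally` restore is what keeps that contained and should stay.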
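Review bot: The changed `keywords.find(...)` line in headers.ts switches to `toLowerCase()` without a comment saying why the locale-independent call is required, so a later cleanup could restore `toLocaleLowerCase()` and leak `AUTHORIZATION` again under a Turkish locale. Suggested comment above the condition: `// toLowerCase() is locale-independent; toLocaleLowerCase() maps 'I' to dotless 'ı' under tr/az locales, so AUTHORIZATION or COOKIE would no longer match and would be printed unredacted.` Separately, redaction here is a four-entry substring denylist, so any credential-bearing header whose name contains none of these words is printed as-is; it is worth confirming against the headers this client actually sends. The body of `sanitizedHeadersOutput` continues outside the hunk.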