diff --git a/src/core/classes/site.ts b/src/core/classes/site.ts
index 3420106dc..31e0b3005 100644
--- a/src/core/classes/site.ts
+++ b/src/core/classes/site.ts
@@ -46,7 +46,6 @@ import { asyncInstance, AsyncInstance } from '../utils/async-instance';
 import { CoreDatabaseTable } from './database/database-table';
 import { CoreDatabaseCachingStrategy } from './database/database-table-proxy';
 import { CoreSilentError } from './errors/silenterror';
-import { CoreWindow } from '@singletons/window';
 
 /**
  * QR Code type enumeration.
@@ -1608,16 +1607,7 @@ export class CoreSite {
         if (inApp) {
             return CoreUtils.openInApp(autoLoginUrl, options);
         } else {
-            if ((options.showBrowserWarning || options.showBrowserWarning === undefined) && autoLoginUrl !== url) {
-                // Don't display the autologin URL in the warning.
-                try {
-                    await CoreWindow.confirmOpenBrowserIfNeeded(url);
-
-                    options.showBrowserWarning = false;
-                } catch (error) {
-                    return; // Cancelled, stop.
-                }
-            }
+            options.browserWarningUrl = url;
 
             return CoreUtils.openInBrowser(autoLoginUrl, options);
         }
diff --git a/src/core/services/utils/utils.ts b/src/core/services/utils/utils.ts
index ef080cc23..0485bb253 100644
--- a/src/core/services/utils/utils.ts
+++ b/src/core/services/utils/utils.ts
@@ -1112,7 +1112,7 @@ export class CoreUtilsProvider {
     async openInBrowser(url: string, options: CoreUtilsOpenInBrowserOptions = {}): Promise<void> {
         if (options.showBrowserWarning || options.showBrowserWarning === undefined) {
             try {
-                await CoreWindow.confirmOpenBrowserIfNeeded(url);
+                await CoreWindow.confirmOpenBrowserIfNeeded(options.browserWarningUrl ?? url);
             } catch (error) {
                 return; // Cancelled, stop.
             }
@@ -1836,6 +1836,7 @@ export type CoreUtilsOpenFileOptions = {
  */
 export type CoreUtilsOpenInBrowserOptions = {
     showBrowserWarning?: boolean; // Whether to display a warning before opening in browser. Defaults to true.
+    browserWarningUrl?: string; // The URL to display in the warning message. Use it to hide sensitive information.
 };
 
 /**
diff --git a/src/core/singletons/window.ts b/src/core/singletons/window.ts
index 328fbbda6..95b94247c 100644
--- a/src/core/singletons/window.ts
+++ b/src/core/singletons/window.ts
@@ -61,6 +61,11 @@ export class CoreWindow {
             return;
         }
 
+        // Remove common sensitive information from the URL.
+        url = url
+            .replace(/token=[^&#]+/gi, 'token=secret')
+            .replace(/tokenpluginfile\.php\/[^/]+/gi, 'tokenpluginfile.php/secret');
+
         const dontShowAgain = await CoreDomUtils.showPrompt(
             Translate.instant('core.warnopeninbrowser', { url }),
             undefined,