diff --git a/experimental/packages/opentelemetry-instrumentation-http/src/utils.ts b/experimental/packages/opentelemetry-instrumentation-http/src/utils.ts
index 8a3106d0f9..e0e75e53ff 100644
--- a/experimental/packages/opentelemetry-instrumentation-http/src/utils.ts
+++ b/experimental/packages/opentelemetry-instrumentation-http/src/utils.ts
@@ -340,15 +340,25 @@ export const getRequestInfo = (
 
 /**
  * Makes sure options is of type string or object
+ * If a string, make sure the URL has no authentication credentials (username/password)
  * @param options for the request
  */
+
 export const isValidOptionsType = (options: unknown): boolean => {
   if (!options) {
     return false;
   }
 
   const type = typeof options;
-  return type === 'string' || (type === 'object' && !Array.isArray(options));
+
+  if (type === 'string') {
+    const parsedUrl = url.parse(options as string);
+    if (!parsedUrl.auth) {
+      return true;
+    }
+  }
+
+  return type === 'object' && !Array.isArray(options);
 };
 
 export const extractHostnameAndPort = (
diff --git a/experimental/packages/opentelemetry-instrumentation-http/test/functionals/utils.test.ts b/experimental/packages/opentelemetry-instrumentation-http/test/functionals/utils.test.ts
index c091529c9f..c9094487e8 100644
--- a/experimental/packages/opentelemetry-instrumentation-http/test/functionals/utils.test.ts
+++ b/experimental/packages/opentelemetry-instrumentation-http/test/functionals/utils.test.ts
@@ -281,7 +281,15 @@ describe('Utility', () => {
   });
 
   describe('isValidOptionsType()', () => {
-    ['', false, true, 1, 0, []].forEach(options => {
+    [
+      '',
+      false,
+      true,
+      1,
+      0,
+      'https://username:password@www.example.com/',
+      [],
+    ].forEach(options => {
       it(`should return false with the following value: ${JSON.stringify(
         options
       )}`, () => {