diff --git a/providers/hpcloud-objectstorage/src/main/java/org/jclouds/hpcloud/objectstorage/blobstore/HPCloudObjectStorageBlobRequestSigner.java b/providers/hpcloud-objectstorage/src/main/java/org/jclouds/hpcloud/objectstorage/blobstore/HPCloudObjectStorageBlobRequestSigner.java
index 571afa742d..a321211caa 100644
--- a/providers/hpcloud-objectstorage/src/main/java/org/jclouds/hpcloud/objectstorage/blobstore/HPCloudObjectStorageBlobRequestSigner.java
+++ b/providers/hpcloud-objectstorage/src/main/java/org/jclouds/hpcloud/objectstorage/blobstore/HPCloudObjectStorageBlobRequestSigner.java
@@ -21,6 +21,7 @@ package org.jclouds.hpcloud.objectstorage.blobstore;
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Predicates.instanceOf;
+import static com.google.common.base.Predicates.not;
 import static com.google.common.collect.Iterables.filter;
 import static org.jclouds.blobstore.util.BlobStoreUtils.cleanRequest;
@@ -142,7 +143,9 @@ public class HPCloudObjectStorageBlobRequestSigner implements BlobRequestSigner
 private HttpRequest signForTemporaryAccess(HttpRequest request, long timeInSeconds) {
 HttpRequest.Builder builder = request.toBuilder();
- builder.filters(filter(request.getFilters(), instanceOf(AuthenticateRequest.class)));
+ // HP Cloud does not use X-Auth-Token for temporary signed URLs and
+ // leaking this allows clients arbitrary privileges until token timeout.
+ builder.filters(filter(request.getFilters(), not(instanceOf(AuthenticateRequest.class))));
 long expiresInSeconds = unixEpochTimestampProvider.get() + timeInSeconds;
 String signature = createSignature(secretKey, createStringToSign(
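Review bot: The new comment above `builder.filters(...)` explains why the token must stay out of a signed URL but not what the line does, and the wrapping `not(...)` is the whole fix, so a reader comparing against the removed line cannot tell from the comment which polarity is intended. I would state the mechanism and the history explicitly, e.g. `// Strip the AuthenticateRequest filter: a temporary URL is authorized by temp_url_sig alone, and the previous predicate kept that filter instead of removing it, which put X-Auth-Token into URLs intended for sharing.` The hunk header counts (7 old / 9 new lines) do not match the lines shown, and `signForTemporaryAccess` continues past the cut `createStringToSign(` call, so whether the remaining filters are applied to the returned request is not visible here; if they are, a final check that the built request carries no X-Auth-Token header would make the removal fail loudly rather than silently regress.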
diff --git a/providers/hpcloud-objectstorage/src/test/java/org/jclouds/hpcloud/objectstorage/blobstore/HPCloudObjectStorageBlobSignerExpectTest.java b/providers/hpcloud-objectstorage/src/test/java/org/jclouds/hpcloud/objectstorage/blobstore/HPCloudObjectStorageBlobSignerExpectTest.java
index 54c6caad37..51bf2a44be 100644
--- a/providers/hpcloud-objectstorage/src/test/java/org/jclouds/hpcloud/objectstorage/blobstore/HPCloudObjectStorageBlobSignerExpectTest.java
+++ b/providers/hpcloud-objectstorage/src/test/java/org/jclouds/hpcloud/objectstorage/blobstore/HPCloudObjectStorageBlobSignerExpectTest.java
@@ -61,7 +61,7 @@ public class HPCloudObjectStorageBlobSignerExpectTest extends BaseBlobSignerExpe
 protected HttpRequest getBlobWithTime() {
 return HttpRequest.builder().method("GET")
 .endpoint("https://objects.jclouds.org/v1.0/40806637803162/container/name?temp_url_sig=40806637803162%3Aidentity%3Ada88bc31122f0d0806b1c7bf71cd3af5c5d5b94c&temp_url_expires=123456792")
- .addHeader("X-Auth-Token", "Auth_4f173437e4b013bee56d1007").build();
+ .build();
 }
 @Override
@@ -82,7 +82,7 @@ public class HPCloudObjectStorageBlobSignerExpectTest extends BaseBlobSignerExpe
 protected HttpRequest putBlobWithTime() {
 return HttpRequest.builder().method("PUT")
 .endpoint("https://objects.jclouds.org/v1.0/40806637803162/container/name?temp_url_sig=40806637803162%3Aidentity%3Ac90269245ab0a316d5ea5e654d4c2a975fb4bf77&temp_url_expires=123456792")
- .addHeader("X-Auth-Token", "Auth_4f173437e4b013bee56d1007").build();
+ .build();
 }
 @Override
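Review bot: The expected requests in `getBlobWithTime()` and `putBlobWithTime()` now omit the `X-Auth-Token` header, but nothing in either fixture records that the omission is the property under test, so a later edit that re-adds the header to "make the test pass" would look like a harmless fixture tweak. A one-line comment above each `return HttpRequest.builder()` would pin the intent: `// A temp URL request must carry no X-Auth-Token; temp_url_sig alone authorizes it.` This presumably relies on the base class comparing the whole signed request against the fixture, which is not visible in this diff; if it compares only the endpoint, an explicit assertion that the signed request has no `X-Auth-Token` header is needed as well.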