After upgrading from Zabbix 4.0 to 6.0, Web Monitoring with redirects fails because authentication credentials are no longer sent to the target.

This happens because the OS upgrade also updated libcurl, which changed the behavior and no longer send custom Authorization: headers to subsequent hosts.
This seems to be affected bythis fix: https://curl.se/docs/CVE-2018-1000007.html

Currently Zabbix uses CURLOPT_FOLLOWLOCATION option of libcurl to follow redirects, but for those migrating from 4.0, there should be an option to enable CURLOPT_UNRESTRICTED_AUTH to maintain previous behavior.
Please consider adding this option.