How does Squid 4 compute a request’s cache key?

Sorry if I wasn’t able to find the relevant doc on this: how does Squid 4 compute a given GET request’s cache key? Is there a way to instruct to ignore HTTP headers in how it does this, i.e. only use the URL?

Long story short, I would need Squid to cache (and serve cached answers) purely based on the URL, and ignoring in particular Authorization headers (but still use that header if it needs to hit the upstream servers).

(and yes, I understand how serving cached content regardless of the provided auth header is generally a bad idea, but it’s fine for my use case).