diff --git a/CHANGELOG.md b/CHANGELOG.md
index bece8e44..dcac3bfd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## [Unreleased]
+### Fixed
+- No longer set a WWW-Authenticate header for invalid clients if the client did not send an Authorization header in the original request
+
 ## [7.1.0] - released 2018-04-22
 ### Changed
diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php
index 65fe861e..a62d961d 100644
--- a/src/Exception/OAuthServerException.php
+++ b/src/Exception/OAuthServerException.php
@@ -294,13 +294,9 @@ class OAuthServerException extends \Exception
 // include the "WWW-Authenticate" response header field
 // matching the authentication scheme used by the client.
 // @codeCoverageIgnoreStart
- if ($this->errorType === 'invalid_client') {
- $authScheme = 'Basic';
- if (array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false
- && strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0
- ) {
- $authScheme = 'Bearer';
- }
+ if ($this->errorType === 'invalid_client' && array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false) {
+ $authScheme = strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0 ? 'Bearer' : 'Basic';
+ $headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"';
 }
 // @codeCoverageIgnoreEnd
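Review bot: The scheme detection on the new `$authScheme` line is case-sensitive, so a client that sent `bearer …` (auth-scheme names are case-insensitive per RFC 7235) is answered with `WWW-Authenticate: Basic`, which is not the scheme it actually used; `$authScheme = strncasecmp($_SERVER['HTTP_AUTHORIZATION'], 'Bearer ', 7) === 0 ? 'Bearer' : 'Basic';` would match it without also matching an unrelated scheme that merely starts with those letters. The new condition also still keys off `$_SERVER['HTTP_AUTHORIZATION']` rather than the incoming request: under SAPIs that do not expose that header (Apache with CGI/FPM unless the header is explicitly passed through) the key is absent even though the client did authenticate via Authorization, and the header that RFC 6749 §5.2 says MUST be sent is now silently dropped, so a `REDIRECT_HTTP_AUTHORIZATION` fallback or at least a comment stating this limitation seems warranted — presumably the request object is not reachable here, since the method's signature is outside the hunk. Minor: `array_key_exists(...) !== false` reads more simply as `isset($_SERVER['HTTP_AUTHORIZATION'])`. The enclosing method starts and ends outside this hunk.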