diff --git a/registry/auth/silly/access.go b/registry/auth/silly/access.go
index 20448efda..134b0ae55 100644
--- a/registry/auth/silly/access.go
+++ b/registry/auth/silly/access.go
@@ -82,7 +82,7 @@ func (ch *challenge) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		header = fmt.Sprintf("%s,scope=%q", header, ch.scope)
 	}
 
-	w.Header().Set("Authorization", header)
+	w.Header().Set("WWW-Authenticate", header)
 	w.WriteHeader(http.StatusUnauthorized)
 }
 
diff --git a/registry/handlers/app_test.go b/registry/handlers/app_test.go
index 80f92490c..cd515dd0c 100644
--- a/registry/handlers/app_test.go
+++ b/registry/handlers/app_test.go
@@ -188,8 +188,8 @@ func TestNewApp(t *testing.T) {
 	}
 
 	expectedAuthHeader := "Bearer realm=\"realm-test\",service=\"service-test\""
-	if req.Header.Get("Authorization") != expectedAuthHeader {
-		t.Fatalf("unexpected authorization header: %q != %q", req.Header.Get("Authorization"), expectedAuthHeader)
+	if e, a := expectedAuthHeader, req.Header.Get("WWW-Authenticate"); e != a {
+		t.Fatalf("unexpected WWW-Authenticate header: %q != %q", e, a)
 	}
 
 	var errs v2.Errors