diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/security/web/UaaRequestMatcher.java b/server/src/main/java/org/cloudfoundry/identity/uaa/security/web/UaaRequestMatcher.java
index d5d83da2fda..089d663a7f2 100644
--- a/server/src/main/java/org/cloudfoundry/identity/uaa/security/web/UaaRequestMatcher.java
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/security/web/UaaRequestMatcher.java
@@ -135,7 +135,7 @@ else if (!matchesHeader(requestValue, expectedHeaderEntry.getValue())) {
 
 private boolean matchesHeader(String requestValue, List expectedValues) {
 for (String headerValue : expectedValues) {
- if ("bearer ".equalsIgnoreCase(headerValue)) {
+ if ("bearer".equalsIgnoreCase(headerValue.trim())) {
 //case insensitive for Authorization: Bearer match
 if (requestValue == null || !requestValue.toLowerCase().startsWith(headerValue)) {
 return false;
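Review bot: The condition now compares against `headerValue.trim()`, but the prefix check two lines below still calls `startsWith(headerValue)` with the raw configured value, so the two checks can disagree. A configured `bearer` without the trailing space now enters this branch and accepts any Authorization value that merely begins with those letters, with no scheme delimiter, while a mixed-case configured value such as `Bearer ` passes the condition and then can never match the lower-cased request value. Since this class appears to select which security filter chain handles a request, I would compare against a fixed normalised prefix instead: `!requestValue.toLowerCase(Locale.ROOT).startsWith("bearer ")`. Note also that `headerValue.trim()` throws on a null list entry, where the old `"bearer ".equalsIgnoreCase(headerValue)` simply returned false. The body of matchesHeader continues past the end of the hunk.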