diff --git a/tests/unit/integration/secrets/test_views.py b/tests/unit/integration/secrets/test_views.py
index e5c9eaca43fc..27693b6d1706 100644
--- a/tests/unit/integration/secrets/test_views.py
+++ b/tests/unit/integration/secrets/test_views.py
@@ -15,6 +15,8 @@
 import pretend
 import pytest
 
+from webob.headers import EnvironHeaders
+
 from warehouse.integrations.secrets import config, utils, views
 
 
@@ -34,6 +36,18 @@ class TestDiscloseToken:
                 "https://api.github.com/meta/public_keys/token_scanning",
                 "token",
             ),
+            (
+                config._github_origin,
+                {  # Test for case-insensitivity on header names
+                    "GitHub-Public-Key-Identifier": "foo",
+                    "GitHub-Public-Key-Signature": "bar",
+                },
+                {
+                    "github.token": "token",
+                },
+                "https://api.github.com/meta/public_keys/token_scanning",
+                "token",
+            ),
             (
                 config._depsdev_origin,
                 {
@@ -57,7 +71,9 @@ def test_disclose_token(
         api_url,
         api_token,
     ):
-        pyramid_request.headers = headers
+        pyramid_request.headers = EnvironHeaders({})
+        for k, v in headers.items():
+            pyramid_request.headers[k] = v
         pyramid_request.body = "[1, 2, 3]"
         pyramid_request.json_body = [1, 2, 3]
         pyramid_request.registry.settings = settings
diff --git a/warehouse/integrations/secrets/views.py b/warehouse/integrations/secrets/views.py
index ad0c11ececb5..11e50f6e251f 100644
--- a/warehouse/integrations/secrets/views.py
+++ b/warehouse/integrations/secrets/views.py
@@ -21,7 +21,7 @@
 
 def _detect_origin(request):
     for origin in config.origins:
-        if origin.headers.issubset(request.headers.keys()):
+        if all([k in request.headers for k in origin.headers]):
             return origin