diff --git a/pkg/api/authn.go b/pkg/api/authn.go
index d5377b0a9a..12e80bcbe7 100644
--- a/pkg/api/authn.go
+++ b/pkg/api/authn.go
@@ -181,7 +181,7 @@ func basicAuthHandler(ctlr *Controller) mux.MiddlewareFunc {
 
 				return
 			}
-			if request.Header.Get("Authorization") == "" && checkAnonymousPolicyExists(ctlr.Config.AccessControl) {
+			if request.Header.Get("Authorization") == "" && anonymousPolicyExists(ctlr.Config.AccessControl) {
 				// Process request
 				next.ServeHTTP(response, request)
 
@@ -198,7 +198,7 @@ func basicAuthHandler(ctlr *Controller) mux.MiddlewareFunc {
 
 			// some client tools might send Authorization: Basic Og== (decoded into ":")
 			// empty username and password
-			if username == "" && passphrase == "" && checkAnonymousPolicyExists(ctlr.Config.AccessControl) {
+			if username == "" && passphrase == "" && anonymousPolicyExists(ctlr.Config.AccessControl) {
 				// Process request
 				next.ServeHTTP(response, request)
 
diff --git a/pkg/api/authz.go b/pkg/api/authz.go
index 71b19c4a2f..2d66ef3878 100644
--- a/pkg/api/authz.go
+++ b/pkg/api/authz.go
@@ -253,7 +253,7 @@ func authzFail(w http.ResponseWriter, realm string, delay int) {
 	WriteJSON(w, http.StatusForbidden, NewErrorList(NewError(DENIED)))
 }
 
-func checkAnonymousPolicyExists(config *config.AccessControlConfig) bool {
+func anonymousPolicyExists(config *config.AccessControlConfig) bool {
 	if config == nil {
 		return false
 	}
diff --git a/pkg/api/controller.go b/pkg/api/controller.go
index bb764968e1..2f6d4b43bc 100644
--- a/pkg/api/controller.go
+++ b/pkg/api/controller.go
@@ -191,7 +191,7 @@ func (c *Controller) Run(reloadCtx context.Context) error {
 		if c.Config.HTTP.TLS.CACert != "" {
 			clientAuth := tls.VerifyClientCertIfGiven
 			if (c.Config.HTTP.Auth == nil || c.Config.HTTP.Auth.HTPasswd.Path == "") &&
-				!checkAnonymousPolicyExists(c.Config.AccessControl) {
+				!anonymousPolicyExists(c.Config.AccessControl) {
 				clientAuth = tls.RequireAndVerifyClientCert
 			}
 
diff --git a/pkg/api/routes.go b/pkg/api/routes.go
index 990515e0d5..290c0b634b 100644
--- a/pkg/api/routes.go
+++ b/pkg/api/routes.go
@@ -140,13 +140,11 @@ func (rh *RouteHandler) CheckVersionSupport(response http.ResponseWriter, reques
 	response.Header().Set(constants.DistAPIVersion, "registry/2.0")
 	// NOTE: compatibility workaround - return this header in "allowed-read" mode to allow for clients to
 	// work correctly
-	if checkAnonymousPolicyExists(rh.c.Config.AccessControl) {
-		if rh.c.Config.HTTP.Auth != nil {
-			if rh.c.Config.HTTP.Auth.Bearer != nil {
-				response.Header().Set("WWW-Authenticate", fmt.Sprintf("bearer realm=%s", rh.c.Config.HTTP.Auth.Bearer.Realm))
-			} else {
-				response.Header().Set("WWW-Authenticate", fmt.Sprintf("basic realm=%s", rh.c.Config.HTTP.Realm))
-			}
+	if rh.c.Config.HTTP.Auth != nil {
+		if rh.c.Config.HTTP.Auth.Bearer != nil {
+			response.Header().Set("WWW-Authenticate", fmt.Sprintf("bearer realm=%s", rh.c.Config.HTTP.Auth.Bearer.Realm))
+		} else {
+			response.Header().Set("WWW-Authenticate", fmt.Sprintf("basic realm=%s", rh.c.Config.HTTP.Realm))
 		}
 	}