diff --git a/packages/client/src/client/auth.ts b/packages/client/src/client/auth.ts
index 1a021be18..0391e35e9 100644
--- a/packages/client/src/client/auth.ts
+++ b/packages/client/src/client/auth.ts
@@ -1439,6 +1439,10 @@ export async function executeTokenRequest(
         applyClientAuthentication(authMethod, clientInformation as OAuthClientInformation, headers, tokenRequestParams);
     }
 
+    // Ensure Content-Type is always form-urlencoded for the token endpoint (OAuth 2.1 §3.2).
+    // Some addClientAuthentication implementations may have inadvertently set a different value.
+    headers.set('Content-Type', 'application/x-www-form-urlencoded');
+
     const response = await (fetchFn ?? fetch)(tokenUrl, {
         method: 'POST',
         headers,
diff --git a/packages/client/src/client/streamableHttp.ts b/packages/client/src/client/streamableHttp.ts
index 3d45b60e9..ccf575ed3 100644
--- a/packages/client/src/client/streamableHttp.ts
+++ b/packages/client/src/client/streamableHttp.ts
@@ -491,7 +491,9 @@ export class StreamableHTTPClientTransport implements Transport {
 
             const headers = await this._commonHeaders();
             headers.set('content-type', 'application/json');
-            headers.set('accept', 'application/json, text/event-stream');
+            if (!headers.has('accept')) {
+                headers.set('accept', 'application/json, text/event-stream');
+            }
 
             const init = {
                 ...this._requestInit,