diff --git a/revel/skeleton/app/init.go b/revel/skeleton/app/init.go
index 2eaa06e..2977ccf 100644
--- a/revel/skeleton/app/init.go
+++ b/revel/skeleton/app/init.go
@@ -42,9 +42,9 @@ func init() {
 // should probably also have a filter for CSRF
 // not sure if it can go in the same filter or not
 var HeaderFilter = func(c *revel.Controller, fc []revel.Filter) {
-	c.Response.SetHttpHeader("X-Frame-Options", "SAMEORIGIN")
-	c.Response.SetHttpHeader("X-XSS-Protection", "1; mode=block")
-	c.Response.SetHttpHeader("X-Content-Type-Options", "nosniff")
+	c.Response.Out.Header().Add("X-Frame-Options", "SAMEORIGIN")
+	c.Response.Out.Header().Add("X-XSS-Protection", "1; mode=block")
+	c.Response.Out.Header().Add("X-Content-Type-Options", "nosniff")
 
 	fc[0](c, fc[1:]) // Execute the next filter stage.
 }