diff --git a/harness/harness.go b/harness/harness.go
index ccb877e..85ef53f 100644
--- a/harness/harness.go
+++ b/harness/harness.go
@@ -47,10 +47,12 @@ type Harness struct {
 	proxy      *httputil.ReverseProxy
 }
 
-func renderError(w http.ResponseWriter, r *http.Request, err error) {
-	req, resp := revel.NewRequest(r), revel.NewResponse(w)
-	c := revel.NewController(req, resp)
-	c.RenderError(err).Apply(req, resp)
+func renderError(iw http.ResponseWriter, ir *http.Request, err error) {
+	context := revel.NewGOContext(nil)
+	context.Request.SetRequest(ir)
+	context.Response.SetResponse(iw)
+	c := revel.NewController(context)
+	c.RenderError(err).Apply(c.Request, c.Response)
 }
 
 // ServeHTTP handles all requests.
diff --git a/revel/skeleton/app/init.go b/revel/skeleton/app/init.go
index 74767e9..85ee7f4 100644
--- a/revel/skeleton/app/init.go
+++ b/revel/skeleton/app/init.go
@@ -43,9 +43,9 @@ func init() {
 // should probably also have a filter for CSRF
 // not sure if it can go in the same filter or not
 var HeaderFilter = func(c *revel.Controller, fc []revel.Filter) {
-	c.Response.Out.Header().Add("X-Frame-Options", "SAMEORIGIN")
-	c.Response.Out.Header().Add("X-XSS-Protection", "1; mode=block")
-	c.Response.Out.Header().Add("X-Content-Type-Options", "nosniff")
+	c.Response.SetHeader("X-Frame-Options", "SAMEORIGIN")
+	c.Response.SetHeader("X-XSS-Protection", "1; mode=block")
+	c.Response.SetHeader( "X-Content-Type-Options", "nosniff")
 
 	fc[0](c, fc[1:]) // Execute the next filter stage.
 }