diff --git a/libraries/src/Application/WebApplication.php b/libraries/src/Application/WebApplication.php
index f56e4360d5de3..ec137e8859c6f 100644
--- a/libraries/src/Application/WebApplication.php
+++ b/libraries/src/Application/WebApplication.php
@@ -157,22 +157,32 @@ class WebApplication extends BaseApplication
 */
 private $singleValueResponseHeaders = array(
 'status', // This is not a valid header name, but the representation used by Joomla to identify the HTTP Response Code
- 'Content-Length',
- 'Host',
- 'Content-Type',
- 'Content-Location',
- 'Date',
- 'Location',
- 'Retry-After',
- 'Server',
- 'Mime-Version',
- 'Last-Modified',
- 'ETag',
- 'Accept-Ranges',
- 'Content-Range',
- 'Age',
- 'Expires',
- 'Clear-Site-Data',
+ 'content-length',
+ 'host',
+ 'content-type',
+ 'content-location',
+ 'date',
+ 'location',
+ 'retry-after',
+ 'server',
+ 'mime-version',
+ 'last-modified',
+ 'etag',
+ 'accept-ranges',
+ 'content-range',
+ 'age',
+ 'expires',
+ 'clear-site-data',
+ 'pragma',
+ 'strict-transport-security',
+ 'content-security-policy',
+ 'content-security-policy-report-only',
+ 'x-frame-options',
+ 'x-xss-protection',
+ 'x-content-type-options',
+ 'referrer-policy',
+ 'expect-ct',
+ 'feature-policy',
 );
 
 /**
@@ -740,7 +750,7 @@ public function setHeader($name, $value, $replace = false)
 * If ($keys && $replace) it's a replacement and previous have been deleted
 * If ($keys && !in_array...) it's a multiple value header
 */
- $single = in_array($name, $this->singleValueResponseHeaders);
+ $single = in_array(strtolower($name), $this->singleValueResponseHeaders);
 
 if ($value && (!$keys || ($keys && ($replace || !$single))))
 {
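Review bot: Nothing in the array states that its entries must now be lowercase, yet setHeader() (second hunk) lowercases the name before comparing, so a later mixed-case addition would silently never match and that header would be treated as multi-valued. A comment above the first entry such as `// Entries must be lowercase; setHeader() compares strtolower($name) against this list` would pin the invariant. Separately, listing `content-security-policy` and `content-security-policy-report-only` as single-valued means, going by the condition visible in setHeader(), that a second policy set without `$replace` is dropped rather than sent as an additional header; browsers enforce every CSP header they receive, so callers that stacked a stricter policy this way should be told to pass `$replace = true` or merge the values. The property's docblock starts above the hunk, so only its closing `*/` is visible here.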
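Review bot: The single-value test is now case-insensitive, but the `$keys` lookup that decides whether the header already exists is computed above this hunk and is not touched by the change. If that lookup still matches names case-sensitively, `setHeader('Content-Type', …)` followed by `setHeader('content-type', …)` would find no existing key and store both values, which defeats the check for exactly the security headers added in the first hunk. Normalising the name once at the top of the method and using that value for both lookups would close the gap; this needs confirming against the full body, which starts and ends outside the hunk. While touching the line, make the comparison strict: `$single = in_array(strtolower($name), $this->singleValueResponseHeaders, true);`.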