diff --git a/ChangeLog b/ChangeLog
index ad919ee..0f6ec53 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+01/21/2023
+- revert header_add/header_set change
+- release 1.4.5.4
+
 01/20/2023
 - don't add WWW-Authenticate header(s) but (over)write a single one; see zmartzone/mod_oauth2#42
 - release 1.4.5.3
diff --git a/configure.ac b/configure.ac
index 8d89e77..956e8a3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([liboauth2],[1.4.5.3],[hans.zandbelt@zmartzone.eu])
+AC_INIT([liboauth2],[1.4.5.4],[hans.zandbelt@zmartzone.eu])
 
 AM_INIT_AUTOMAKE([foreign no-define subdir-objects])
 AC_CONFIG_MACRO_DIR([m4])
diff --git a/include/oauth2/apache.h b/include/oauth2/apache.h
index 7fc86b3..9efa329 100644
--- a/include/oauth2/apache.h
+++ b/include/oauth2/apache.h
@@ -309,7 +309,7 @@ int oauth2_apache_return_www_authenticate(oauth2_cfg_source_token_t *cfg,
 					  const char *error_description);
 bool oauth2_apache_request_header_set(oauth2_log_t *log, void *rec,
 				      const char *name, const char *value);
-void oauth2_apache_hdr_out_set(oauth2_log_t *log, const request_rec *r,
+void oauth2_apache_hdr_out_add(oauth2_log_t *log, const request_rec *r,
 			       const char *name, const char *value);
 void oauth2_apache_scrub_headers(oauth2_apache_request_ctx_t *ctx,
 				 oauth2_cfg_target_pass_t *target_pass);
diff --git a/include/oauth2/oauth2.h b/include/oauth2/oauth2.h
index 3600910..4611d16 100644
--- a/include/oauth2/oauth2.h
+++ b/include/oauth2/oauth2.h
@@ -55,7 +55,8 @@
 #define OAUTH2_ERROR_INVALID_TOKEN "invalid_token"
 #define OAUTH2_ERROR_INVALID_REQUEST "invalid_request"
 #define OAUTH2_ERROR_INSUFFICIENT_SCOPE "insufficient_scope"
-#define OAUTH2_ERROR_INSUFFICIENT_USER_AUTHENTICATION "insufficient_user_authentication"
+#define OAUTH2_ERROR_INSUFFICIENT_USER_AUTHENTICATION                          \
+	"insufficient_user_authentication"
 
 #define OAUTH2_CLAIM_ISS "iss"
 #define OAUTH2_CLAIM_SUB "sub"
diff --git a/src/server/apache.c b/src/server/apache.c
index e62bc7e..2b7114b 100644
--- a/src/server/apache.c
+++ b/src/server/apache.c
@@ -384,7 +384,7 @@ int oauth2_apache_return_www_authenticate(oauth2_cfg_source_token_t *cfg,
 		hdr = apr_psprintf(ctx->r->pool, "%s, %s=\"%s\"", hdr,
 				   OAUTH2_ERROR_DESCRIPTION, error_description);
 
-	oauth2_apache_hdr_out_set(ctx->log, ctx->r,
+	oauth2_apache_hdr_out_add(ctx->log, ctx->r,
 				  OAUTH2_HTTP_HDR_WWW_AUTHENTICATE, hdr);
 
 	oauth2_debug(ctx->log, "leave");
@@ -423,11 +423,11 @@ bool oauth2_apache_http_request_set(oauth2_log_t *log,
 	return rc;
 }
 
-bool oauth2_apache_response_header_set(oauth2_log_t *log, void *rec,
+bool oauth2_apache_response_header_add(oauth2_log_t *log, void *rec,
 				       const char *name, const char *value)
 {
 	request_rec *r = (request_rec *)rec;
-	oauth2_apache_hdr_out_set(log, r, name, value);
+	oauth2_apache_hdr_out_add(log, r, name, value);
 	return true;
 }
 
@@ -441,7 +441,7 @@ bool oauth2_apache_http_response_set(oauth2_log_t *log,
 		goto end;
 
 	oauth2_http_response_headers_loop(log, response,
-					  oauth2_apache_response_header_set, r);
+					  oauth2_apache_response_header_add, r);
 
 	r->status = oauth2_http_response_status_code_get(log, response);
 
@@ -452,11 +452,11 @@ bool oauth2_apache_http_response_set(oauth2_log_t *log,
 	return rc;
 }
 
-void oauth2_apache_hdr_out_set(oauth2_log_t *log, const request_rec *r,
+void oauth2_apache_hdr_out_add(oauth2_log_t *log, const request_rec *r,
 			       const char *name, const char *value)
 {
 	oauth2_debug(log, "%s: %s", name, value);
-	apr_table_set(r->err_headers_out, name, value);
+	apr_table_add(r->err_headers_out, name, value);
 }
 
 void oauth2_apache_scrub_headers(oauth2_apache_request_ctx_t *ctx,