diff --git a/command/agent/agent_endpoint_test.go b/command/agent/agent_endpoint_test.go
index aa913aaddbb..556595f576a 100644
--- a/command/agent/agent_endpoint_test.go
+++ b/command/agent/agent_endpoint_test.go
@@ -1445,7 +1445,7 @@ func TestHTTP_XSS_Monitor(t *testing.T) {
 			if tc.JSON {
 				ct = "application/json"
 			}
-			require.Equal(t, []string{ct}, resp.HeaderMap.Values("Content-Type"))
+			require.Equal(t, ct, resp.HeaderMap.Get("Content-Type"))
 
 			// Close response writer and log to make AgentMonitor exit
 			resp.Close()
diff --git a/command/agent/fs_endpoint_test.go b/command/agent/fs_endpoint_test.go
index 1c66a787661..0499f67fa47 100644
--- a/command/agent/fs_endpoint_test.go
+++ b/command/agent/fs_endpoint_test.go
@@ -344,11 +344,11 @@ func TestHTTP_FS_ReadAt_XSS(t *testing.T) {
 		require.NoError(t, err)
 		require.Equal(t, xssLoggerMockDriverStdout, string(buf))
 
-		require.Equal(t, []string{"text/plain"}, resp.Header.Values("Content-Type"))
-		require.Equal(t, []string{"nosniff"}, resp.Header.Values("X-Content-Type-Options"))
-		require.Equal(t, []string{"1; mode=block"}, resp.Header.Values("X-XSS-Protection"))
-		require.Equal(t, []string{"default-src 'none'; style-src 'unsafe-inline'; sandbox"},
-			resp.Header.Values("Content-Security-Policy"))
+		require.Equal(t, "text/plain", resp.Header.Get("Content-Type"))
+		require.Equal(t, "nosniff", resp.Header.Get("X-Content-Type-Options"))
+		require.Equal(t, "1; mode=block", resp.Header.Get("X-XSS-Protection"))
+		require.Equal(t, "default-src 'none'; style-src 'unsafe-inline'; sandbox",
+			resp.Header.Get("Content-Security-Policy"))
 	})
 }
 
@@ -389,11 +389,11 @@ func TestHTTP_FS_Cat_XSS(t *testing.T) {
 		require.NoError(t, err)
 		require.Equal(t, xssLoggerMockDriverStdout, string(buf))
 
-		require.Equal(t, []string{"text/plain"}, resp.Header.Values("Content-Type"))
-		require.Equal(t, []string{"nosniff"}, resp.Header.Values("X-Content-Type-Options"))
-		require.Equal(t, []string{"1; mode=block"}, resp.Header.Values("X-XSS-Protection"))
-		require.Equal(t, []string{"default-src 'none'; style-src 'unsafe-inline'; sandbox"},
-			resp.Header.Values("Content-Security-Policy"))
+		require.Equal(t, "text/plain", resp.Header.Get("Content-Type"))
+		require.Equal(t, "nosniff", resp.Header.Get("X-Content-Type-Options"))
+		require.Equal(t, "1; mode=block", resp.Header.Get("X-XSS-Protection"))
+		require.Equal(t, "default-src 'none'; style-src 'unsafe-inline'; sandbox",
+			resp.Header.Get("Content-Security-Policy"))
 	})
 }
 
@@ -560,7 +560,7 @@ func TestHTTP_FS_Logs_XSS(t *testing.T) {
 		require.NoError(t, err)
 		require.Equal(t, xssLoggerMockDriverStdout, string(buf))
 
-		require.Equal(t, []string{"text/plain"}, resp.Header.Values("Content-Type"))
+		require.Equal(t, "text/plain", resp.Header.Get("Content-Type"))
 	})
 }
 
diff --git a/command/agent/http.go b/command/agent/http.go
index 03d38b57fb8..d0451817e70 100644
--- a/command/agent/http.go
+++ b/command/agent/http.go
@@ -62,6 +62,8 @@ type HTTPServer struct {
 	wsUpgrader *websocket.Upgrader
 }
 
+type handlerFn func(resp http.ResponseWriter, req *http.Request) (interface{}, error)
+
 // NewHTTPServer starts new HTTP server over the agent
 func NewHTTPServer(agent *Agent, config *Config) (*HTTPServer, error) {
 	// Start the listener