diff --git a/lib/access_functions.js b/lib/access_functions.js
index e8f9978..62e2cf2 100644
--- a/lib/access_functions.js
+++ b/lib/access_functions.js
@@ -138,9 +138,9 @@ function pepResponse(req, res) {
     .then((response) => {
       debug(req.user ? 'Permitted.' : 'Public path.');
       res.statusCode = response.statusCode;
-      res.headers = response.headers;
-      if (response.headers['content-type']){
-        res.type(response.headers['content-type'])
+      res.set(response.headers);
+      if (response.headers['content-type']) {
+        res.type(response.headers['content-type']);
       }
       return response.body ? res.send(response.body) : res.send();
     })
diff --git a/test/unit/authentication-test.js b/test/unit/authentication-test.js
index 6d1cbfa..42d9b0f 100644
--- a/test/unit/authentication-test.js
+++ b/test/unit/authentication-test.js
@@ -260,4 +260,30 @@ describe('Authentication: Keyrock IDM', () => {
         });
     });
   });
+
+  describe('When a restricted path is requested and headers are returned', () => {
+    beforeEach(() => {
+      contextBrokerMock = nock('http://fiware.org:1026').get('/restricted').reply(
+        StatusCodes.OK,
+        {},
+        {
+          'Content-Type': 'application/ld+json',
+          'NGSILD-Results-Count': 140000
+        }
+      );
+      idmMock = nock('http://keyrock.com:3000')
+        .get('/user?access_token=' + shortToken + '&app_id=application_id')
+        .reply(StatusCodes.OK, keyrock_user_response);
+    });
+    it('should return all headers and set the content-type', (done) => {
+      got.get('restricted', bearer_token).then((response) => {
+        contextBrokerMock.done();
+        idmMock.done();
+        should.equal(response.statusCode, StatusCodes.OK);
+        should.equal(response.headers['ngsild-results-count'], 140000);
+        should.equal(response.headers['content-type'], 'application/ld+json; charset=utf-8');
+        done();
+      });
+    });
+  });
 });