diff --git a/src/mod_cgi.c b/src/mod_cgi.c
index 27f46858..b7145814 100644
--- a/src/mod_cgi.c
+++ b/src/mod_cgi.c
@@ -352,6 +352,8 @@ static int cgi_response_parse(server *srv, connection *con, plugin_data *p, buff
 } else {
 con->http_status = 502;
 }
+ /* do not send Status to client */
+ buffer_reset(ds->value);
 }
 break;
 case 8:
diff --git a/src/mod_fastcgi.c b/src/mod_fastcgi.c
index ec8090ea..ae8bd2c6 100644
--- a/src/mod_fastcgi.c
+++ b/src/mod_fastcgi.c
@@ -2077,7 +2077,7 @@ static int fcgi_response_parse(server *srv, connection *con, plugin_data *p, buf
 /* authorizers shouldn't affect the response headers sent back to the client */
 /* don't forward Status: */
- if (0 != strncasecmp(key, "Status", key_len)) {
+ if (key_len != sizeof("Status")-1 || 0 != strncasecmp(key, "Status", key_len)) {
 data_string *ds;
 if (NULL == (ds = (data_string *)array_get_unused_element(con->response.headers, TYPE_STRING))) {
 ds = data_response_init();
diff --git a/src/mod_scgi.c b/src/mod_scgi.c
index 63ca577a..6f2ede83 100644
--- a/src/mod_scgi.c
+++ b/src/mod_scgi.c
@@ -1742,6 +1742,8 @@ static int scgi_response_parse(server *srv, connection *con, plugin_data *p, buf
 } else {
 con->http_status = 502;
 }
+ /* do not send Status to client */
+ buffer_reset(ds->value);
 }
 break;
 case 8:
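Review bot: Blanking `ds->value` in `cgi_response_parse` keeps `Status` away from the client only if the code that serialises `con->response.headers` skips entries whose value is empty, and nothing in this hunk shows that it does; otherwise the client would receive an empty `Status:` line. The dependency should be stated at the call, for example `/* Status is a CGI-only field: empty the value so the header writer omits it */`, and backed by a test asserting that no `Status` header appears in the response. The same two lines are added to `scgi_response_parse` in src/mod_scgi.c and the same point applies there. The enclosing `case` and the function both start outside the hunk.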
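Review bot: With the added length test in `fcgi_response_parse`, a zero-length `key` now takes the forwarding branch, whereas the old `strncasecmp(key, "Status", 0)` returned 0 and dropped it by accident. If the parsing above this hunk can yield an empty header name from backend output, that name would now be copied into `con->response.headers`, so consider excluding it explicitly: `if (0 != key_len && (key_len != sizeof("Status")-1 || 0 != strncasecmp(key, "Status", key_len))) {`. A short comment such as `/* compare length first: strncasecmp() with a shorter key_len matches any prefix of "Status" */` would also record why the guard exists. The function begins and continues outside the hunk.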