diff --git a/component/apache/apache-backend.conf.in b/component/apache/apache-backend.conf.in index 92f709b2866708ce5dfd6207079fad346690c81a..e961f5af2b14ab35504e23f31aab0e23ef8420ba 100644 --- a/component/apache/apache-backend.conf.in +++ b/component/apache/apache-backend.conf.in @@ -131,13 +131,11 @@ SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:EC SSLSessionCache shmcb:{{ parameter_dict['ssl-session-cache'] }}(512000) SSLProxyEngine On -# As backend is trusting REMOTE_USER header unset it always -RequestHeader unset REMOTE_USER -RequestHeader unset SSL_CLIENT_SERIAL +# As backend is trusting Remote-User header unset it always +RequestHeader unset Remote-User {% if parameter_dict['ca-cert'] -%} SSLVerifyClient optional -RequestHeader set REMOTE_USER %{SSL_CLIENT_S_DN_CN}s -RequestHeader set SSL_CLIENT_SERIAL "%{SSL_CLIENT_M_SERIAL}s" +RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s SSLCACertificateFile {{ parameter_dict['ca-cert'] }} {% if parameter_dict['crl'] -%} SSLCARevocationCheck chain diff --git a/component/apache/buildout.hash.cfg b/component/apache/buildout.hash.cfg index 8aa7cbf7c82640b9e31cd299df0a66b2c754b4f0..ed4569c6b4dceeb0b6dfcd1b02b7793bf3588048 100644 --- a/component/apache/buildout.hash.cfg +++ b/component/apache/buildout.hash.cfg @@ -14,5 +14,5 @@ # not need these here). [template-apache-backend-conf] filename = apache-backend.conf.in -md5sum = 84d43d3535ffc67f677710b1d97e19aa +md5sum = bb8c175a93336f0e1838fd47225426f9 diff --git a/software/apache-frontend/buildout.hash.cfg b/software/apache-frontend/buildout.hash.cfg index 96c562672af0b7aa7c7fc535818d391063e8e2fc..de6b223119965bf380b8ec313970d7838a164e86 100644 --- a/software/apache-frontend/buildout.hash.cfg +++ b/software/apache-frontend/buildout.hash.cfg 
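Review bot: `RequestHeader unset Remote-User` removes only that exact header name, so a client-supplied `Remote_User` (or the previously stripped `REMOTE_USER`) is no longer removed here. If the backend reads the identity through a CGI/WSGI-style environment, where hyphen and underscore spellings both map to `HTTP_REMOTE_USER`, that variant could be taken as the authenticated user. Keep the underscore form stripped next to the new line, e.g. `RequestHeader unset Remote_User`; the same applies to the identical hunk in software/slapos-master/apache-backend.conf.in. This matters more after this commit, because the frontend templates (apache.conf.in and the Caddy virtualhosts) stop removing the header, so the backend unset is the only remaining strip. The hunk also drops `RequestHeader unset SSL_CLIENT_SERIAL` along with the `set`, so a client-sent `SSL_CLIENT_SERIAL` now passes through; that is safe only if no backend still reads it, which this diff does not show.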
@@ -18,7 +18,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e [template-apache-frontend] filename = instance-apache-frontend.cfg -md5sum = a6b566a29f1b5021d0f1f3c4fa20d749 +md5sum = d6398d727eb1e1bc3df1768a9b9a7e0c [template-apache-replicate] filename = instance-apache-replicate.cfg.in @@ -38,7 +38,7 @@ md5sum = 665e83d660c9b779249b2179d7ce4b4e [template-apache-frontend-configuration] filename = templates/apache.conf.in -md5sum = 05239181f4d5d0e3fe6bccda587fa9a5 +md5sum = b666d7c4a5c1fd8020713aa53b44a386 [template-custom-slave-list] filename = templates/apache-custom-slave-list.cfg.in diff --git a/software/apache-frontend/templates/apache.conf.in b/software/apache-frontend/templates/apache.conf.in index 6a3a0b1cbe2b43864e2f7425c6a79ca90e25057f..6fcbd850314289eaa0f5190da18c442b49313c23 100644 --- a/software/apache-frontend/templates/apache.conf.in +++ b/software/apache-frontend/templates/apache.conf.in @@ -20,9 +20,6 @@ TypesConfig {{ httpd_home }}/conf/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz -# As backend is trusting REMOTE_USER header unset it always -RequestHeader unset REMOTE_USER - ServerTokens Prod # Disable TRACE Method diff --git a/software/caddy-frontend/buildout.hash.cfg b/software/caddy-frontend/buildout.hash.cfg index 52567aa03c8f34718f7164616c09ecdaebbb5988..6fd0dd90eba2231396cdf0178963d93ab81f14c0 100644 --- a/software/caddy-frontend/buildout.hash.cfg +++ b/software/caddy-frontend/buildout.hash.cfg @@ -54,11 +54,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b [template-default-slave-virtualhost] filename = templates/default-virtualhost.conf.in -md5sum = 2694992850b565edebf11dae62f032c7 +md5sum = 8198e3ad06a4d6c750d22d8cf854fa41 [template-cached-slave-virtualhost] filename = templates/cached-virtualhost.conf.in -md5sum = 434ff5db37b6b980713b03a37eed928a +md5sum = db68c015f1ac06d74f9373f6f846577d [template-log-access] filename = templates/template-log-access.conf.in 
diff --git a/software/caddy-frontend/templates/cached-virtualhost.conf.in b/software/caddy-frontend/templates/cached-virtualhost.conf.in index c4e49d249c424db47ec9066abdf07f2e80013793..8d55568b8a3272b7228c8fe30145fd0d8acf1734 100644 --- a/software/caddy-frontend/templates/cached-virtualhost.conf.in +++ b/software/caddy-frontend/templates/cached-virtualhost.conf.in @@ -21,8 +21,6 @@ proxy / {{ slave_parameter.get('backend_url', '') }} { try_duration {{ slave_parameter['proxy_try_duration'] }}s try_interval {{ slave_parameter['proxy_try_interval'] }}ms - # As backend is trusting REMOTE_USER header unset it always - header_upstream -REMOTE_USER transparent timeout 600s @@ -49,8 +47,6 @@ proxy / {{ slave_parameter.get('https_backend_url', '') }} { try_duration {{ slave_parameter['proxy_try_duration'] }}s try_interval {{ slave_parameter['proxy_try_interval'] }}ms - # As backend is trusting REMOTE_USER header unset it always - header_upstream -REMOTE_USER transparent timeout 600s {%- if ssl_proxy_verify %} diff --git a/software/caddy-frontend/templates/default-virtualhost.conf.in b/software/caddy-frontend/templates/default-virtualhost.conf.in index 17d20f21600de209d8ebe7b9d266c76060a85196..18887e414f7bdd204a5de817cb23be2d9ecb91e9 100644 --- a/software/caddy-frontend/templates/default-virtualhost.conf.in +++ b/software/caddy-frontend/templates/default-virtualhost.conf.in @@ -108,8 +108,6 @@ without /prefer-gzip header_upstream Accept-Encoding gzip {%- endif %} {#- if proxy_name == 'prefer-gzip' #} - # As backend is trusting REMOTE_USER header unset it always - header_upstream -REMOTE_USER {%- for disabled_cookie in disabled_cookie_list %} # Remove cookie {{ disabled_cookie }} from client Cookies header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3" 
@@ -245,8 +243,6 @@ without /prefer-gzip header_upstream Accept-Encoding gzip {%- endif %} {#- if proxy_name == 'prefer-gzip' #} - # As backend is trusting REMOTE_USER header unset it always - header_upstream -REMOTE_USER {%- for disabled_cookie in disabled_cookie_list %} # Remove cookie {{ disabled_cookie }} from client Cookies header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3" diff --git a/software/caddy-frontend/test/test.py b/software/caddy-frontend/test/test.py index b3b8742fcb2eca9211ed875b0e436f1ea6f9fc76..111b28e8c3180dd3472ee3a2b009bb191785ed62 100644 --- a/software/caddy-frontend/test/test.py +++ b/software/caddy-frontend/test/test.py @@ -883,7 +883,6 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase): headers=None, cookies=None, source_ip=None): if headers is None: headers = {} - headers.setdefault('REMOTE_USER', 'SOME_REMOTE_USER') # workaround request problem of setting Accept-Encoding # https://github.com/requests/requests/issues/2234 headers.setdefault('Accept-Encoding', 'dummy') @@ -908,7 +907,6 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase): headers=None): if headers is None: headers = {} - headers.setdefault('REMOTE_USER', 'SOME_REMOTE_USER') # workaround request problem of setting Accept-Encoding # https://github.com/requests/requests/issues/2234 headers.setdefault('Accept-Encoding', 'dummy') @@ -1475,7 +1473,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { self.instance_path, '*', 'var', 'log', 'httpd', '_empty_access_log' ))[0] - log_regexp = r'^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} - SOME_REMOTE_USER ' \ + log_regexp = r'^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} - - ' \ r'\[\d{2}\/.{3}\/\d{4}\:\d{2}\:\d{2}\:\d{2} \+\d{4}\] ' \ r'"GET \/test-path HTTP\/1.1" 404 \d+ "-" '\ r'"python-requests.*" \d+' 
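Review bot: The new `log_regexp` expects `- -` in the user field, but no test sends a client-supplied identity header any more, because the two `headers.setdefault('REMOTE_USER', 'SOME_REMOTE_USER')` lines were removed from the request helpers above. The assertion therefore passes whether or not the frontend forwards or logs such a header. Since this commit moves the stripping to the backend, pin the intended frontend behaviour: keep one request sent with `headers={'Remote-User': 'SOME_REMOTE_USER'}` and assert what is expected in the access log and in the headers the test backend receives. The enclosing test method starts outside the hunk and appears to continue past it.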
diff --git a/software/slapos-master/apache-backend.conf.in b/software/slapos-master/apache-backend.conf.in index e2a3a41cdf77c9ee13f2446e3c0701d55023b22f..f940d2bd3e5fd0bba2482b323173c4e8c1a1ed2c 100644 --- a/software/slapos-master/apache-backend.conf.in +++ b/software/slapos-master/apache-backend.conf.in @@ -131,13 +131,11 @@ SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:EC SSLSessionCache shmcb:{{ parameter_dict['ssl-session-cache'] }}(512000) SSLProxyEngine On -# As backend is trusting REMOTE_USER header unset it always -RequestHeader unset REMOTE_USER -RequestHeader unset SSL_CLIENT_SERIAL +# As backend is trusting Remote-User header unset it always +RequestHeader unset Remote-User {% if parameter_dict['ca-cert'] -%} SSLVerifyClient optional -RequestHeader set REMOTE_USER %{SSL_CLIENT_S_DN_CN}s -RequestHeader set SSL_CLIENT_SERIAL "%{SSL_CLIENT_M_SERIAL}s" +RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s SSLCACertificateFile {{ parameter_dict['ca-cert'] }} {% if not parameter_dict['shared-ca-cert'] %} {% if parameter_dict['crl'] -%} @@ -168,7 +166,7 @@ Listen {{ ip }}:{{ port }} {% if enable_authentication and parameter_dict['shared-ca-cert'] and parameter_dict['shared-crl'] -%} SSLVerifyClient require # Custom block we use for now different parameters. - RequestHeader set REMOTE_USER %{SSL_CLIENT_S_DN_CN}s + RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s SSLCACertificateFile {{ parameter_dict['shared-ca-cert'] }} SSLCARevocationPath {{ parameter_dict['shared-crl'] }} diff --git a/software/slapos-master/buildout.hash.cfg b/software/slapos-master/buildout.hash.cfg index c36184211b6adaa2cc1650144b82d2a94bbf005b..40baf7edca2afc5f0304436a0fe66d183da59a7b 100644 --- a/software/slapos-master/buildout.hash.cfg +++ b/software/slapos-master/buildout.hash.cfg 
@@ -22,4 +22,4 @@ md5sum = e8033d4fd7b6348b525a6148762ccdb4 [template-apache-backend-conf] filename = apache-backend.conf.in -md5sum = aff99c44ccf16eaa2ca25430d76d3bd6 +md5sum = 48f086ce1acffca7bab942b43d856fb7