Getting multiple HTTP response headers for Wordpress site running on Apache2

Question

I am currently trying to configure the response headers for a Wordpress website.

Web Server: Apache 2

Operating System: Ubuntu 16.04

Right now, I have figured out that I am able to modify the HTTP response headers for the website through 3 different ways:

1. Configuring apache2.conf in /etc/apache2

2. Configuring the .htaccess file within the Wordpress directory

   (I do not have mod_headers.c therefore I cannot use this method)

3. Directly specifying the headers to use in the header.php file of the current Wordpress theme

Previously I set the website's response headers through directly specifying the HTTP headers in the header.php file (which contains all the scripts and whatnot to be used for each page). However right now, I'm trying to move all header configuration into apache2.conf such that all sites hosted on the server have the same response headers.

However, after restarting the Apache server, I am getting duplicate response headers even though I had removed all header declarations from the header.php file, and I am not sure why...

Because of security issues, the authorities of the main domain that my department's site is on is requiring us to only specify one instance of each HTTP header.

Does anyone know how to resolve this issue, also, what are the best practices for setting HTTP response headers for sites hosted on an Apache 2 server?