diff --git a/proxy/vmess/protocol/vmess.go b/proxy/vmess/protocol/vmess.go
index 5f4465d12..84fe1bc4d 100644
--- a/proxy/vmess/protocol/vmess.go
+++ b/proxy/vmess/protocol/vmess.go
@@ -209,15 +209,3 @@ func (request *VMessRequest) ToBytes(idHash user.CounterHash, randomRangeInt64 u
 
 	return buffer, nil
 }
-
-// VMessResponse is the header of a TCP response in VMess format.
-type VMessResponse [4]byte
-
-// NewVMessResponse creates a VMessResponse from a given VMessRequest.
-func NewVMessResponse(request *VMessRequest) *VMessResponse {
-	return &VMessResponse{
-		request.ResponseHeader[0],
-		request.ResponseHeader[1],
-		request.ResponseHeader[2],
-		request.ResponseHeader[3]}
-}
diff --git a/proxy/vmess/vmessin.go b/proxy/vmess/vmessin.go
index 0b20918e9..3f003e1f4 100644
--- a/proxy/vmess/vmessin.go
+++ b/proxy/vmess/vmessin.go
@@ -90,7 +90,6 @@ func (handler *VMessInboundHandler) HandleConnection(connection net.Conn) error
 	responseKey := md5.Sum(request.RequestKey[:])
 	responseIV := md5.Sum(request.RequestIV[:])
 
-	response := protocol.NewVMessResponse(request)
 	responseWriter, err := v2io.NewAesEncryptWriter(responseKey[:], responseIV[:], connection)
 	if err != nil {
 		return log.Error("VMessIn: Failed to create encrypt writer: %v", err)
@@ -98,7 +97,7 @@ func (handler *VMessInboundHandler) HandleConnection(connection net.Conn) error
 
 	// Optimize for small response packet
 	buffer := make([]byte, 0, 2*1024)
-	buffer = append(buffer, response[:]...)
+	buffer = append(buffer, request.ResponseHeader[:]...)
 
 	if data, open := <-output; open {
 		buffer = append(buffer, data...)
diff --git a/proxy/vmess/vmessin_udp.go b/proxy/vmess/vmessin_udp.go
index f6a91b83e..709a5835b 100644
--- a/proxy/vmess/vmessin_udp.go
+++ b/proxy/vmess/vmessin_udp.go
@@ -76,13 +76,12 @@ func (handler *VMessInboundHandler) handlePacket(conn *net.UDPConn, request *pro
 
 	buffer := bytes.NewBuffer(make([]byte, 0, bufferSize))
 
-	response := protocol.NewVMessResponse(request)
 	responseWriter, err := v2io.NewAesEncryptWriter(responseKey[:], responseIV[:], buffer)
 	if err != nil {
 		log.Error("VMessIn: Failed to create encrypt writer: %v", err)
 		return
 	}
-	responseWriter.Write(response[:])
+	responseWriter.Write(request.ResponseHeader[:])
 
 	hasData := false
 
diff --git a/proxy/vmess/vmessout.go b/proxy/vmess/vmessout.go
index 7a6d6fbdb..abac9c621 100644
--- a/proxy/vmess/vmessout.go
+++ b/proxy/vmess/vmessout.go
@@ -175,7 +175,7 @@ func handleResponse(conn net.Conn, request *protocol.VMessRequest, output chan<-
 		log.Error("VMessOut: Failed to read VMess response (%d bytes): %v", len(buffer), err)
 		return
 	}
-	if !bytes.Equal(buffer[:4], request.ResponseHeader[:]) {
+	if len(buffer) < 4 || !bytes.Equal(buffer[:4], request.ResponseHeader[:]) {
 		log.Warning("VMessOut: unexepcted response header. The connection is probably hijacked.")
 		return
 	}