diff --git a/deps/undici/src/README.md b/deps/undici/src/README.md
index b7a5ef1acd45a8..c8dc260e12a613 100644
--- a/deps/undici/src/README.md
+++ b/deps/undici/src/README.md
@@ -288,6 +288,15 @@ const headers = await fetch(url)
   .then(res => res.headers)
 ```
 
+##### Forbidden and Safelisted Header Names
+
+* https://fetch.spec.whatwg.org/#cors-safelisted-response-header-name
+* https://fetch.spec.whatwg.org/#forbidden-header-name
+* https://fetch.spec.whatwg.org/#forbidden-response-header-name
+* https://github.com/wintercg/fetch/issues/6
+
+The [Fetch Standard](https://fetch.spec.whatwg.org) requires implementations to exclude certain headers from requests and responses. In browser environments, some headers are forbidden so the user agent remains in full control over them. In Undici, these constraints are removed to give more control to the user.
+
 ### `undici.upgrade([url, options]): Promise`
 
 Upgrade to a different protocol. See [MDN - HTTP - Protocol upgrade mechanism](https://developer.mozilla.org/en-US/docs/Web/HTTP/Protocol_upgrade_mechanism) for more details.
diff --git a/deps/undici/src/docs/api/MockPool.md b/deps/undici/src/docs/api/MockPool.md
index 29667f3177b51e..87fde1ddd995e5 100644
--- a/deps/undici/src/docs/api/MockPool.md
+++ b/deps/undici/src/docs/api/MockPool.md
@@ -57,6 +57,7 @@ Returns: `MockInterceptor` corresponding to the input options.
 * **method** `string | RegExp | (method: string) => boolean` - a matcher for the HTTP request method.
 * **body** `string | RegExp | (body: string) => boolean` - (optional) - a matcher for the HTTP request body.
 * **headers** `Record<string, string | RegExp | (body: string) => boolean`> - (optional) - a matcher for the HTTP request headers. To be intercepted, a request must match all defined headers. Extra headers not defined here may (or may not) be included in the request and do not affect the interception in any way.
+* **query** `Record<string, any> | null` - (optional) - a matcher for the HTTP request query string params.
 
 ### Return: `MockInterceptor`
 
diff --git a/deps/undici/src/lib/client.js b/deps/undici/src/lib/client.js
index 1e23e7aad34d60..fea887e92b25c0 100644
--- a/deps/undici/src/lib/client.js
+++ b/deps/undici/src/lib/client.js
@@ -873,6 +873,11 @@ class Parser {
       // have been queued since then.
       util.destroy(socket, new InformationalError('reset'))
       return constants.ERROR.PAUSED
+    } else if (client[kPipelining] === 1) {
+      // We must wait a full event loop cycle to reuse this socket to make sure
+      // that non-spec compliant servers are not closing the connection even if they
+      // said they won't.
+      setImmediate(resume, client)
     } else {
       resume(client)
     }
diff --git a/deps/undici/src/lib/fetch/constants.js b/deps/undici/src/lib/fetch/constants.js
index 75c9265e8c1557..4358cd3ae088c1 100644
--- a/deps/undici/src/lib/fetch/constants.js
+++ b/deps/undici/src/lib/fetch/constants.js
@@ -1,28 +1,5 @@
 'use strict'
 
-const forbiddenHeaderNames = [
-  'accept-charset',
-  'accept-encoding',
-  'access-control-request-headers',
-  'access-control-request-method',
-  'connection',
-  'content-length',
-  'cookie',
-  'cookie2',
-  'date',
-  'dnt',
-  'expect',
-  'host',
-  'keep-alive',
-  'origin',
-  'referer',
-  'te',
-  'trailer',
-  'transfer-encoding',
-  'upgrade',
-  'via'
-]
-
 const corsSafeListedMethods = ['GET', 'HEAD', 'POST']
 
 const nullBodyStatus = [101, 204, 205, 304]
@@ -58,9 +35,6 @@ const requestCache = [
   'only-if-cached'
 ]
 
-// https://fetch.spec.whatwg.org/#forbidden-response-header-name
-const forbiddenResponseHeaderNames = ['set-cookie', 'set-cookie2']
-
 const requestBodyHeader = [
   'content-encoding',
   'content-language',
@@ -86,12 +60,8 @@ const subresource = [
   ''
 ]
 
-const corsSafeListedResponseHeaderNames = [] // TODO
-
 module.exports = {
   subresource,
-  forbiddenResponseHeaderNames,
-  corsSafeListedResponseHeaderNames,
   forbiddenMethods,
   requestBodyHeader,
   referrerPolicy,
@@ -99,7 +69,6 @@ module.exports = {
   requestMode,
   requestCredentials,
   requestCache,
-  forbiddenHeaderNames,
   redirectStatus,
   corsSafeListedMethods,
   nullBodyStatus,
diff --git a/deps/undici/src/lib/fetch/formdata.js b/deps/undici/src/lib/fetch/formdata.js
index e12d2b42bd2fbd..40df747e843f05 100644
--- a/deps/undici/src/lib/fetch/formdata.js
+++ b/deps/undici/src/lib/fetch/formdata.js
@@ -243,8 +243,8 @@ function makeEntry (name, value, filename) {
   // object, representing the same bytes, whose name attribute value is "blob".
   if (isBlobLike(value) && !isFileLike(value)) {
     value = value instanceof Blob
-      ? new File([value], 'blob')
-      : new FileLike(value, 'blob')
+      ? new File([value], 'blob', value)
+      : new FileLike(value, 'blob', value)
   }
 
   // 4. If value is (now) a File object and filename is given, then set value to a
@@ -256,8 +256,8 @@ function makeEntry (name, value, filename) {
   // creating one more File instance doesn't make much sense....
   if (isFileLike(value) && filename != null) {
     value = value instanceof File
-      ? new File([value], filename)
-      : new FileLike(value, filename)
+      ? new File([value], filename, value)
+      : new FileLike(value, filename, value)
   }
 
   // 5. Set entry’s value to value.
diff --git a/deps/undici/src/lib/fetch/headers.js b/deps/undici/src/lib/fetch/headers.js
index eb4eb47c4ec058..0c6e5584d33003 100644
--- a/deps/undici/src/lib/fetch/headers.js
+++ b/deps/undici/src/lib/fetch/headers.js
@@ -6,10 +6,6 @@ const { validateHeaderName, validateHeaderValue } = require('http')
 const { kHeadersList } = require('../core/symbols')
 const { kGuard } = require('./symbols')
 const { kEnumerableProperty } = require('../core/util')
-const {
-  forbiddenHeaderNames,
-  forbiddenResponseHeaderNames
-} = require('./constants')
 
 const kHeadersMap = Symbol('headers map')
 const kHeadersSortedMap = Symbol('headers map sorted')
@@ -115,6 +111,11 @@ class HeadersList {
     }
   }
 
+  clear () {
+    this[kHeadersMap].clear()
+    this[kHeadersSortedMap] = null
+  }
+
   append (name, value) {
     this[kHeadersSortedMap] = null
 
@@ -211,22 +212,11 @@ class Headers {
       )
     }
 
-    const normalizedName = normalizeAndValidateHeaderName(String(name))
-
+    // Note: undici does not implement forbidden header names
     if (this[kGuard] === 'immutable') {
       throw new TypeError('immutable')
-    } else if (
-      this[kGuard] === 'request' &&
-      forbiddenHeaderNames.includes(normalizedName)
-    ) {
-      return
     } else if (this[kGuard] === 'request-no-cors') {
       // TODO
-    } else if (
-      this[kGuard] === 'response' &&
-      forbiddenResponseHeaderNames.includes(normalizedName)
-    ) {
-      return
     }
 
     return this[kHeadersList].append(String(name), String(value))
@@ -244,22 +234,11 @@ class Headers {
       )
     }
 
-    const normalizedName = normalizeAndValidateHeaderName(String(name))
-
+    // Note: undici does not implement forbidden header names
     if (this[kGuard] === 'immutable') {
       throw new TypeError('immutable')
-    } else if (
-      this[kGuard] === 'request' &&
-      forbiddenHeaderNames.includes(normalizedName)
-    ) {
-      return
     } else if (this[kGuard] === 'request-no-cors') {
       // TODO
-    } else if (
-      this[kGuard] === 'response' &&
-      forbiddenResponseHeaderNames.includes(normalizedName)
-    ) {
-      return
     }
 
     return this[kHeadersList].delete(String(name))
@@ -307,20 +286,11 @@ class Headers {
       )
     }
 
+    // Note: undici does not implement forbidden header names
     if (this[kGuard] === 'immutable') {
       throw new TypeError('immutable')
-    } else if (
-      this[kGuard] === 'request' &&
-      forbiddenHeaderNames.includes(String(name).toLocaleLowerCase())
-    ) {
-      return
     } else if (this[kGuard] === 'request-no-cors') {
       // TODO
-    } else if (
-      this[kGuard] === 'response' &&
-      forbiddenResponseHeaderNames.includes(String(name).toLocaleLowerCase())
-    ) {
-      return
     }
 
     return this[kHeadersList].set(String(name), String(value))
diff --git a/deps/undici/src/lib/fetch/request.js b/deps/undici/src/lib/fetch/request.js
index 661f5814ba27f6..42c7eb447a2b07 100644
--- a/deps/undici/src/lib/fetch/request.js
+++ b/deps/undici/src/lib/fetch/request.js
@@ -384,8 +384,8 @@ class Request {
     // Realm, whose header list is request’s header list and guard is
     // "request".
     this[kHeaders] = new Headers()
-    this[kHeaders][kGuard] = 'request'
     this[kHeaders][kHeadersList] = request.headersList
+    this[kHeaders][kGuard] = 'request'
     this[kHeaders][kRealm] = this[kRealm]
 
     // 31. If this’s request’s mode is "no-cors", then:
@@ -406,7 +406,7 @@ class Request {
     if (Object.keys(init).length !== 0) {
       // 1. Let headers be a copy of this’s headers and its associated header
       // list.
-      let headers = new Headers(this.headers)
+      let headers = new Headers(this[kHeaders])
 
       // 2. If init["headers"] exists, then set headers to init["headers"].
       if (init.headers !== undefined) {
@@ -414,18 +414,17 @@ class Request {
       }
 
       // 3. Empty this’s headers’s header list.
-      this[kState].headersList = new HeadersList()
-      this[kHeaders][kHeadersList] = this[kState].headersList
+      this[kHeaders][kHeadersList].clear()
 
       // 4. If headers is a Headers object, then for each header in its header
       // list, append header’s name/header’s value to this’s headers.
       if (headers.constructor.name === 'Headers') {
-        for (const [key, val] of headers[kHeadersList] || headers) {
+        for (const [key, val] of headers) {
           this[kHeaders].append(key, val)
         }
       } else {
         // 5. Otherwise, fill this’s headers with headers.
-        fillHeaders(this[kState].headersList, headers)
+        fillHeaders(this[kHeaders], headers)
       }
     }
 
diff --git a/deps/undici/src/lib/fetch/response.js b/deps/undici/src/lib/fetch/response.js
index 03db7eb488ed4d..582876e050a34e 100644
--- a/deps/undici/src/lib/fetch/response.js
+++ b/deps/undici/src/lib/fetch/response.js
@@ -8,9 +8,7 @@ const { kEnumerableProperty } = util
 const { responseURL, isValidReasonPhrase, toUSVString, isCancelled, isAborted, serializeJavascriptValueToJSONString } = require('./util')
 const {
   redirectStatus,
-  nullBodyStatus,
-  forbiddenResponseHeaderNames,
-  corsSafeListedResponseHeaderNames
+  nullBodyStatus
 } = require('./constants')
 const { kState, kHeaders, kGuard, kRealm } = require('./symbols')
 const { kHeadersList } = require('../core/symbols')
@@ -380,28 +378,6 @@ function makeFilteredResponse (response, state) {
   })
 }
 
-function makeFilteredHeadersList (headersList, filter) {
-  return new Proxy(headersList, {
-    get (target, prop) {
-      // Override methods used by Headers class.
-      if (prop === 'get' || prop === 'has') {
-        const defaultReturn = prop === 'has' ? false : null
-        return (name) => filter(name) ? target[prop](name) : defaultReturn
-      } else if (prop === Symbol.iterator) {
-        return function * () {
-          for (const entry of target) {
-            if (filter(entry[0])) {
-              yield entry
-            }
-          }
-        }
-      } else {
-        return target[prop]
-      }
-    }
-  })
-}
-
 // https://fetch.spec.whatwg.org/#concept-filtered-response
 function filterResponse (response, type) {
   // Set response to the following filtered response with response as its
@@ -411,12 +387,10 @@ function filterResponse (response, type) {
     // and header list excludes any headers in internal response’s header list
     // whose name is a forbidden response-header name.
 
+    // Note: undici does not implement forbidden response-header names
     return makeFilteredResponse(response, {
       type: 'basic',
-      headersList: makeFilteredHeadersList(
-        response.headersList,
-        (name) => !forbiddenResponseHeaderNames.includes(name.toLowerCase())
-      )
+      headersList: response.headersList
     })
   } else if (type === 'cors') {
     // A CORS filtered response is a filtered response whose type is "cors"
@@ -424,9 +398,10 @@ function filterResponse (response, type) {
     // list whose name is not a CORS-safelisted response-header name, given
     // internal response’s CORS-exposed header-name list.
 
+    // Note: undici does not implement CORS-safelisted response-header names
     return makeFilteredResponse(response, {
       type: 'cors',
-      headersList: makeFilteredHeadersList(response.headersList, (name) => !corsSafeListedResponseHeaderNames.includes(name))
+      headersList: response.headersList
     })
   } else if (type === 'opaque') {
     // An opaque filtered response is a filtered response whose type is
@@ -449,7 +424,7 @@ function filterResponse (response, type) {
       type: 'opaqueredirect',
       status: 0,
       statusText: '',
-      headersList: makeFilteredHeadersList(response.headersList, () => false),
+      headersList: [],
       body: null
     })
   } else {
diff --git a/deps/undici/src/lib/mock/mock-interceptor.js b/deps/undici/src/lib/mock/mock-interceptor.js
index c89ba0d29df437..b51e6f2df3f5aa 100644
--- a/deps/undici/src/lib/mock/mock-interceptor.js
+++ b/deps/undici/src/lib/mock/mock-interceptor.js
@@ -10,6 +10,7 @@ const {
   kMockDispatch
 } = require('./mock-symbols')
 const { InvalidArgumentError } = require('../core/errors')
+const { buildURL } = require('../core/util')
 
 /**
  * Defines the scope API for an interceptor reply
@@ -70,9 +71,13 @@ class MockInterceptor {
     // As per RFC 3986, clients are not supposed to send URI
     // fragments to servers when they retrieve a document,
     if (typeof opts.path === 'string') {
-      // Matches https://github.com/nodejs/undici/blob/main/lib/fetch/index.js#L1811
-      const parsedURL = new URL(opts.path, 'data://')
-      opts.path = parsedURL.pathname + parsedURL.search
+      if (opts.query) {
+        opts.path = buildURL(opts.path, opts.query)
+      } else {
+        // Matches https://github.com/nodejs/undici/blob/main/lib/fetch/index.js#L1811
+        const parsedURL = new URL(opts.path, 'data://')
+        opts.path = parsedURL.pathname + parsedURL.search
+      }
     }
     if (typeof opts.method === 'string') {
       opts.method = opts.method.toUpperCase()
diff --git a/deps/undici/src/lib/mock/mock-utils.js b/deps/undici/src/lib/mock/mock-utils.js
index a9ab94f36ae03a..14bfcb1187972b 100644
--- a/deps/undici/src/lib/mock/mock-utils.js
+++ b/deps/undici/src/lib/mock/mock-utils.js
@@ -8,6 +8,7 @@ const {
   kOrigin,
   kGetNetConnect
 } = require('./mock-symbols')
+const { buildURL } = require('../core/util')
 
 function matchValue (match, value) {
   if (typeof match === 'string') {
@@ -98,10 +99,12 @@ function getResponseData (data) {
 }
 
 function getMockDispatch (mockDispatches, key) {
+  const resolvedPath = key.query ? buildURL(key.path, key.query) : key.path
+
   // Match path
-  let matchedMockDispatches = mockDispatches.filter(({ consumed }) => !consumed).filter(({ path }) => matchValue(path, key.path))
+  let matchedMockDispatches = mockDispatches.filter(({ consumed }) => !consumed).filter(({ path }) => matchValue(path, resolvedPath))
   if (matchedMockDispatches.length === 0) {
-    throw new MockNotMatchedError(`Mock dispatch not matched for path '${key.path}'`)
+    throw new MockNotMatchedError(`Mock dispatch not matched for path '${resolvedPath}'`)
   }
 
   // Match method
@@ -146,12 +149,13 @@ function deleteMockDispatch (mockDispatches, key) {
 }
 
 function buildKey (opts) {
-  const { path, method, body, headers } = opts
+  const { path, method, body, headers, query } = opts
   return {
     path,
     method,
     body,
-    headers
+    headers,
+    query
   }
 }
 
diff --git a/deps/undici/src/package.json b/deps/undici/src/package.json
index b30753c16d9001..3fda0f8e557088 100644
--- a/deps/undici/src/package.json
+++ b/deps/undici/src/package.json
@@ -1,6 +1,6 @@
 {
   "name": "undici",
-  "version": "5.3.0",
+  "version": "5.4.0",
   "description": "An HTTP/1.1 client, written from scratch for Node.js",
   "homepage": "https://undici.nodejs.org",
   "bugs": {
@@ -67,7 +67,7 @@
     "@sinonjs/fake-timers": "^9.1.2",
     "@types/node": "^17.0.29",
     "abort-controller": "^3.0.0",
-    "busboy": "^0.3.1",
+    "busboy": "^1.6.0",
     "chai": "^4.3.4",
     "chai-as-promised": "^7.1.1",
     "chai-iterator": "^3.0.2",
@@ -77,8 +77,8 @@
     "delay": "^5.0.0",
     "docsify-cli": "^4.4.3",
     "formdata-node": "^4.3.1",
-    "https-pem": "^2.0.0",
-    "husky": "^7.0.2",
+    "https-pem": "^3.0.0",
+    "husky": "^8.0.1",
     "import-fresh": "^3.3.0",
     "jest": "^28.0.1",
     "jsfuzz": "^1.0.15",
diff --git a/deps/undici/src/types/dispatcher.d.ts b/deps/undici/src/types/dispatcher.d.ts
index 4bc3241ac3da6e..8744f04e2d7083 100644
--- a/deps/undici/src/types/dispatcher.d.ts
+++ b/deps/undici/src/types/dispatcher.d.ts
@@ -3,7 +3,7 @@ import { Duplex, Readable, Writable } from 'stream'
 import { EventEmitter } from 'events'
 import { IncomingHttpHeaders } from 'http'
 import { Blob } from 'buffer'
-import BodyReadable from './readable'
+import BodyReadable = require('./readable')
 import { FormData } from './formdata'
 
 type AbortSignal = unknown;
diff --git a/deps/undici/src/types/mock-interceptor.d.ts b/deps/undici/src/types/mock-interceptor.d.ts
index 88d38032ae230c..b7a2b339c04024 100644
--- a/deps/undici/src/types/mock-interceptor.d.ts
+++ b/deps/undici/src/types/mock-interceptor.d.ts
@@ -1,5 +1,5 @@
 import { IncomingHttpHeaders } from 'http'
-import Dispatcher from './dispatcher';
+import Dispatcher = require('./dispatcher');
 import { BodyInit, Headers } from './fetch'
 
 export {
@@ -50,6 +50,8 @@ declare namespace MockInterceptor {
     body?: string | RegExp | ((body: string) => boolean);
     /** Headers to intercept on. */
     headers?: Record<string, string | RegExp | ((body: string) => boolean)> | ((headers: Record<string, string>) => boolean);
+    /** Query params to intercept on */
+    query?: Record<string, any>;
   }
   export interface MockDispatch<TData extends object = object, TError extends Error = Error> extends Options {
     times: number | null;
diff --git a/deps/undici/undici.js b/deps/undici/undici.js
index 16c98d7469ed1c..25de978273c344 100644
--- a/deps/undici/undici.js
+++ b/deps/undici/undici.js
@@ -974,28 +974,6 @@ var require_util = __commonJS({
 var require_constants = __commonJS({
   "lib/fetch/constants.js"(exports2, module2) {
     "use strict";
-    var forbiddenHeaderNames = [
-      "accept-charset",
-      "accept-encoding",
-      "access-control-request-headers",
-      "access-control-request-method",
-      "connection",
-      "content-length",
-      "cookie",
-      "cookie2",
-      "date",
-      "dnt",
-      "expect",
-      "host",
-      "keep-alive",
-      "origin",
-      "referer",
-      "te",
-      "trailer",
-      "transfer-encoding",
-      "upgrade",
-      "via"
-    ];
     var corsSafeListedMethods = ["GET", "HEAD", "POST"];
     var nullBodyStatus = [101, 204, 205, 304];
     var redirectStatus = [301, 302, 303, 307, 308];
@@ -1022,7 +1000,6 @@ var require_constants = __commonJS({
       "force-cache",
       "only-if-cached"
     ];
-    var forbiddenResponseHeaderNames = ["set-cookie", "set-cookie2"];
     var requestBodyHeader = [
       "content-encoding",
       "content-language",
@@ -1044,11 +1021,8 @@ var require_constants = __commonJS({
       "xslt",
       ""
     ];
-    var corsSafeListedResponseHeaderNames = [];
     module2.exports = {
       subresource,
-      forbiddenResponseHeaderNames,
-      corsSafeListedResponseHeaderNames,
       forbiddenMethods,
       requestBodyHeader,
       referrerPolicy,
@@ -1056,7 +1030,6 @@ var require_constants = __commonJS({
       requestMode,
       requestCredentials,
       requestCache,
-      forbiddenHeaderNames,
       redirectStatus,
       corsSafeListedMethods,
       nullBodyStatus,
@@ -1624,10 +1597,10 @@ var require_formdata = __commonJS({
       };
       entry.name = name;
       if (isBlobLike(value) && !isFileLike(value)) {
-        value = value instanceof Blob ? new File([value], "blob") : new FileLike(value, "blob");
+        value = value instanceof Blob ? new File([value], "blob", value) : new FileLike(value, "blob", value);
       }
       if (isFileLike(value) && filename != null) {
-        value = value instanceof File ? new File([value], filename) : new FileLike(value, filename);
+        value = value instanceof File ? new File([value], filename, value) : new FileLike(value, filename, value);
       }
       entry.value = value;
       return entry;
@@ -3346,6 +3319,8 @@ var require_client = __commonJS({
         } else if (socket[kReset] && client[kRunning] === 0) {
           util.destroy(socket, new InformationalError("reset"));
           return constants.ERROR.PAUSED;
+        } else if (client[kPipelining] === 1) {
+          setImmediate(resume, client);
         } else {
           resume(client);
         }
@@ -4230,10 +4205,6 @@ var require_headers = __commonJS({
     var { kHeadersList } = require_symbols();
     var { kGuard } = require_symbols2();
     var { kEnumerableProperty } = require_util();
-    var {
-      forbiddenHeaderNames,
-      forbiddenResponseHeaderNames
-    } = require_constants();
     var kHeadersMap = Symbol("headers map");
     var kHeadersSortedMap = Symbol("headers map sorted");
     function normalizeAndValidateHeaderName(name) {
@@ -4301,6 +4272,10 @@ var require_headers = __commonJS({
           this[kHeadersSortedMap] = null;
         }
       }
+      clear() {
+        this[kHeadersMap].clear();
+        this[kHeadersSortedMap] = null;
+      }
       append(name, value) {
         this[kHeadersSortedMap] = null;
         const normalizedName = normalizeAndValidateHeaderName(name);
@@ -4363,14 +4338,9 @@ var require_headers = __commonJS({
         if (arguments.length < 2) {
           throw new TypeError(`Failed to execute 'append' on 'Headers': 2 arguments required, but only ${arguments.length} present.`);
         }
-        const normalizedName = normalizeAndValidateHeaderName(String(name));
         if (this[kGuard] === "immutable") {
           throw new TypeError("immutable");
-        } else if (this[kGuard] === "request" && forbiddenHeaderNames.includes(normalizedName)) {
-          return;
         } else if (this[kGuard] === "request-no-cors") {
-        } else if (this[kGuard] === "response" && forbiddenResponseHeaderNames.includes(normalizedName)) {
-          return;
         }
         return this[kHeadersList].append(String(name), String(value));
       }
@@ -4381,14 +4351,9 @@ var require_headers = __commonJS({
         if (arguments.length < 1) {
           throw new TypeError(`Failed to execute 'delete' on 'Headers': 1 argument required, but only ${arguments.length} present.`);
         }
-        const normalizedName = normalizeAndValidateHeaderName(String(name));
         if (this[kGuard] === "immutable") {
           throw new TypeError("immutable");
-        } else if (this[kGuard] === "request" && forbiddenHeaderNames.includes(normalizedName)) {
-          return;
         } else if (this[kGuard] === "request-no-cors") {
-        } else if (this[kGuard] === "response" && forbiddenResponseHeaderNames.includes(normalizedName)) {
-          return;
         }
         return this[kHeadersList].delete(String(name));
       }
@@ -4419,11 +4384,7 @@ var require_headers = __commonJS({
         }
         if (this[kGuard] === "immutable") {
           throw new TypeError("immutable");
-        } else if (this[kGuard] === "request" && forbiddenHeaderNames.includes(String(name).toLocaleLowerCase())) {
-          return;
         } else if (this[kGuard] === "request-no-cors") {
-        } else if (this[kGuard] === "response" && forbiddenResponseHeaderNames.includes(String(name).toLocaleLowerCase())) {
-          return;
         }
         return this[kHeadersList].set(String(name), String(value));
       }
@@ -4504,9 +4465,7 @@ var require_response = __commonJS({
     var { responseURL, isValidReasonPhrase, toUSVString, isCancelled, isAborted, serializeJavascriptValueToJSONString } = require_util2();
     var {
       redirectStatus,
-      nullBodyStatus,
-      forbiddenResponseHeaderNames,
-      corsSafeListedResponseHeaderNames
+      nullBodyStatus
     } = require_constants();
     var { kState, kHeaders, kGuard, kRealm } = require_symbols2();
     var { kHeadersList } = require_symbols();
@@ -4724,36 +4683,16 @@ var require_response = __commonJS({
         }
       });
     }
-    function makeFilteredHeadersList(headersList, filter) {
-      return new Proxy(headersList, {
-        get(target, prop) {
-          if (prop === "get" || prop === "has") {
-            const defaultReturn = prop === "has" ? false : null;
-            return (name) => filter(name) ? target[prop](name) : defaultReturn;
-          } else if (prop === Symbol.iterator) {
-            return function* () {
-              for (const entry of target) {
-                if (filter(entry[0])) {
-                  yield entry;
-                }
-              }
-            };
-          } else {
-            return target[prop];
-          }
-        }
-      });
-    }
     function filterResponse(response, type) {
       if (type === "basic") {
         return makeFilteredResponse(response, {
           type: "basic",
-          headersList: makeFilteredHeadersList(response.headersList, (name) => !forbiddenResponseHeaderNames.includes(name.toLowerCase()))
+          headersList: response.headersList
         });
       } else if (type === "cors") {
         return makeFilteredResponse(response, {
           type: "cors",
-          headersList: makeFilteredHeadersList(response.headersList, (name) => !corsSafeListedResponseHeaderNames.includes(name))
+          headersList: response.headersList
         });
       } else if (type === "opaque") {
         return makeFilteredResponse(response, {
@@ -4768,7 +4707,7 @@ var require_response = __commonJS({
           type: "opaqueredirect",
           status: 0,
           statusText: "",
-          headersList: makeFilteredHeadersList(response.headersList, () => false),
+          headersList: [],
           body: null
         });
       } else {
@@ -5019,8 +4958,8 @@ var require_request2 = __commonJS({
           }
         }
         this[kHeaders] = new Headers();
-        this[kHeaders][kGuard] = "request";
         this[kHeaders][kHeadersList] = request.headersList;
+        this[kHeaders][kGuard] = "request";
         this[kHeaders][kRealm] = this[kRealm];
         if (mode === "no-cors") {
           if (!corsSafeListedMethods.includes(request.method)) {
@@ -5029,18 +4968,17 @@ var require_request2 = __commonJS({
           this[kHeaders][kGuard] = "request-no-cors";
         }
         if (Object.keys(init).length !== 0) {
-          let headers = new Headers(this.headers);
+          let headers = new Headers(this[kHeaders]);
           if (init.headers !== void 0) {
             headers = init.headers;
           }
-          this[kState].headersList = new HeadersList();
-          this[kHeaders][kHeadersList] = this[kState].headersList;
+          this[kHeaders][kHeadersList].clear();
           if (headers.constructor.name === "Headers") {
-            for (const [key, val] of headers[kHeadersList] || headers) {
+            for (const [key, val] of headers) {
               this[kHeaders].append(key, val);
             }
           } else {
-            fillHeaders(this[kState].headersList, headers);
+            fillHeaders(this[kHeaders], headers);
           }
         }
         const inputBody = input instanceof Request ? input[kState].body : null;