diff --git a/package.json b/package.json
index 1134e5a..e17da76 100644
--- a/package.json
+++ b/package.json
@@ -44,7 +44,8 @@
   "manifest": {
     "permissions": [
       "declarativeNetRequest",
-      "tabs"
+      "tabs",
+      "cookies"
     ],
     "host_permissions": [
       "<all_urls>",
diff --git a/src/background/messages/makeRequest.ts b/src/background/messages/makeRequest.ts
index bdc16fa..19aa779 100644
--- a/src/background/messages/makeRequest.ts
+++ b/src/background/messages/makeRequest.ts
@@ -52,13 +52,11 @@ const handler: PlasmoMessaging.MessageHandler<Request, Response<any>> = async (r
     const url = makeFullUrl(req.body.url, req.body);
     await assertDomainWhitelist(req.sender.tab.url);
 
-    if (req.body.headers['User-Agent']) {
+    if (Object.keys(req.body.headers).length > 0) {
       await setDynamicRules({
         ruleId: MAKE_REQUEST_DYNAMIC_RULE,
         targetDomains: [new URL(url).hostname],
-        requestHeaders: {
-          'User-Agent': req.body.headers['User-Agent'],
-        },
+        requestHeaders: req.body.headers,
       });
     }
 
@@ -71,11 +69,18 @@ const handler: PlasmoMessaging.MessageHandler<Request, Response<any>> = async (r
     const contentType = response.headers.get('content-type');
     const body = contentType?.includes('application/json') ? await response.json() : await response.text();
 
+    const cookies = await (chrome || browser).cookies.getAll({
+      url: response.url,
+    });
+
     res.send({
       success: true,
       response: {
         statusCode: response.status,
-        headers: Object.fromEntries(response.headers.entries()), // Headers object isn't serializable
+        headers: {
+          ...Object.fromEntries(response.headers.entries()),
+          'Set-Cookie': cookies.map((cookie) => `${cookie.name}=${cookie.value}`).join(', '),
+        },
         body,
         finalUrl: response.url,
       },
diff --git a/src/utils/declarativeNetRequest.ts b/src/utils/declarativeNetRequest.ts
index 5dac227..0b1deaa 100644
--- a/src/utils/declarativeNetRequest.ts
+++ b/src/utils/declarativeNetRequest.ts
@@ -56,6 +56,11 @@ export const setDynamicRules = async (body: DynamicRule) => {
                 operation: chrome.declarativeNetRequest.HeaderOperation.SET,
                 value: '*',
               },
+              {
+                header: 'Access-Control-Allow-Credentials',
+                operation: chrome.declarativeNetRequest.HeaderOperation.SET,
+                value: 'true',
+              },
               ...mapHeadersToDeclarativeNetRequestHeaders(
                 body.responseHeaders ?? {},
                 chrome.declarativeNetRequest.HeaderOperation.SET,
@@ -99,6 +104,11 @@ export const setDynamicRules = async (body: DynamicRule) => {
                 operation: 'set',
                 value: '*',
               },
+              {
+                header: 'Access-Control-Allow-Credentials',
+                operation: 'set',
+                value: 'true',
+              },
               ...mapHeadersToDeclarativeNetRequestHeaders(body.responseHeaders ?? {}, 'set'),
             ],
           },