diff --git a/src/__test__/solid-auth-client.spec.js b/src/__test__/solid-auth-client.spec.js
index 80681ba..0a0fab4 100644
--- a/src/__test__/solid-auth-client.spec.js
+++ b/src/__test__/solid-auth-client.spec.js
@@ -619,7 +619,26 @@ describe('fetch', () => {
       'https://third-party.com/private-resource',
       {
         headers: {
-          entries: () => [['accept', 'text/plain']],
+          forEach: (iterate) => iterate('text/plain', 'accept'),
+        },
+      }
+    )
+    expect(resp.status).toBe(200)
+  })
+
+  it('accepts a Headers object when no authentication is needed', async () => {
+    await saveSession(window.localStorage)(fakeSession)
+
+    nock('https://third-party.com')
+      .get('/public-resource')
+      .matchHeader('accept', 'text/plain')
+      .reply(200)
+
+    const resp = await instance.fetch(
+      'https://third-party.com/public-resource',
+      {
+        headers: {
+          forEach: (iterate) => iterate('text/plain', 'accept'),
         },
       }
     )
@@ -642,7 +661,7 @@ describe('fetch', () => {
     const resp = await instance.fetch({
       url: 'https://third-party.com/private-resource',
       headers: {
-        entries: () => [['accept', 'text/plain']],
+        forEach: (iterate) => iterate('text/plain', 'accept'),
       },
     })
     expect(resp.status).toBe(200)
diff --git a/src/authn-fetch.js b/src/authn-fetch.js
index f7f1d33..0d60eab 100644
--- a/src/authn-fetch.js
+++ b/src/authn-fetch.js
@@ -13,6 +13,12 @@ export async function authnFetch(
   input: RequestInfo,
   options?: RequestOptions
 ): Promise<Response> {
+  // Copy headers into a modifiable object
+  if (options) {
+    const headers = copyHeaders((options: any).headers)
+    options = { ...options, headers }
+  }
+
   // If not authenticated, perform a regular fetch
   const session = await getSession(storage)
   if (!session) {
@@ -44,3 +50,19 @@ async function shouldShareCredentials(
   const requestHost = await getHost(storage)(toUrlString(input))
   return requestHost != null && requestHost.requiresAuth
 }
+
+function copyHeaders(origHeaders: any) {
+  const headers = {}
+  if (origHeaders) {
+    if (typeof origHeaders.forEach === 'function') {
+      origHeaders.forEach((value, key) => {
+        headers[key] = value
+      })
+    } else {
+      for (const key in origHeaders) {
+        headers[key] = origHeaders[key]
+      }
+    }
+  }
+  return headers
+}
diff --git a/src/webid-oidc.js b/src/webid-oidc.js
index efbbb98..4c75c10 100644
--- a/src/webid-oidc.js
+++ b/src/webid-oidc.js
@@ -227,20 +227,8 @@ export async function fetchWithCredentials(
   input: any,
   options?: RequestOptions
 ): Promise<Response> {
-  // Create a copy of the headers
-  const headers = {}
-  const origHeaders = options ? options.headers : input.headers
-  if (origHeaders) {
-    const entries =
-      typeof origHeaders.entries === 'function'
-        ? origHeaders.entries()
-        : Object.entries(origHeaders)
-    for (const [name, value] of entries) {
-      headers[name] = value
-    }
-  }
-
-  // Add Authorization header
+  // Add Authorization header (assuming a modifiable headers object)
+  const headers: any = (options ? options.headers : input.headers) || {}
   const popToken = await PoPToken.issueFor(toUrlString(input), session)
   headers.authorization = `Bearer ${popToken}`
   return fetch(input, { ...options, credentials: 'include', headers })