diff --git a/.changes/http-unsafe-headers.md b/.changes/http-unsafe-headers.md
new file mode 100644
index 00000000..a387be97
--- /dev/null
+++ b/.changes/http-unsafe-headers.md
@@ -0,0 +1,5 @@
+---
+"http": patch
+---
+
+Add `unsafe-headers` cargo feature flag to allow using [forbidden headers](https://fetch.spec.whatwg.org/#terminology-headers). 
\ No newline at end of file
diff --git a/Cargo.lock b/Cargo.lock
index 59c41093..fad46e8b 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -230,7 +230,7 @@ checksum = "5ad32ce52e4161730f7098c077cd2ed6229b5804ccf99e5366be1ab72a98b4e1"
 
 [[package]]
 name = "api"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "log",
  "serde",
@@ -6401,7 +6401,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-authenticator"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "authenticator",
  "base64 0.21.7",
@@ -6423,7 +6423,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-autostart"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "auto-launch",
  "log",
@@ -6436,7 +6436,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-barcode-scanner"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "log",
  "serde",
@@ -6448,7 +6448,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-biometric"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "log",
  "serde",
@@ -6461,7 +6461,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-cli"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "clap",
  "log",
@@ -6474,7 +6474,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-clipboard-manager"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "arboard",
  "log",
@@ -6487,7 +6487,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-deep-link"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "log",
  "serde",
@@ -6500,7 +6500,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-dialog"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "glib 0.16.9",
  "log",
@@ -6516,7 +6516,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-fs"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "anyhow",
  "glob",
@@ -6535,7 +6535,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-global-shortcut"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "global-hotkey",
  "log",
@@ -6548,7 +6548,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-http"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "data-url",
  "http 0.2.11",
@@ -6567,7 +6567,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-localhost"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "http 1.0.0",
  "log",
@@ -6580,7 +6580,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-log"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "android_logger",
  "byte-unit",
@@ -6599,7 +6599,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-nfc"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "log",
  "serde",
@@ -6612,7 +6612,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-notification"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "chrono",
  "color-backtrace",
@@ -6640,7 +6640,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-os"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "gethostname",
  "log",
@@ -6656,7 +6656,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-persisted-scope"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "aho-corasick",
  "bincode",
@@ -6670,7 +6670,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-positioner"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "log",
  "serde",
@@ -6683,7 +6683,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-process"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "tauri",
  "tauri-plugin",
@@ -6691,7 +6691,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-shell"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "encoding_rs",
  "log",
@@ -6709,7 +6709,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-single-instance"
-version = "2.0.0-beta.2"
+version = "2.0.0-beta.3"
 dependencies = [
  "log",
  "serde",
@@ -6722,7 +6722,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-sql"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "futures-core",
  "log",
@@ -6738,7 +6738,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-store"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.3"
 dependencies = [
  "log",
  "serde",
@@ -6750,7 +6750,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-stronghold"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "hex",
  "iota-crypto 0.23.1",
@@ -6771,7 +6771,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-updater"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "base64 0.21.7",
  "dirs-next",
@@ -6798,7 +6798,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-upload"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "futures-util",
  "log",
@@ -6815,7 +6815,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-websocket"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "futures-util",
  "http 1.0.0",
@@ -6832,7 +6832,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-plugin-window-state"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta.2"
 dependencies = [
  "bincode",
  "bitflags 2.4.2",
diff --git a/plugins/http/Cargo.toml b/plugins/http/Cargo.toml
index a35c1401..95860309 100644
--- a/plugins/http/Cargo.toml
+++ b/plugins/http/Cargo.toml
@@ -53,3 +53,4 @@ deflate = [ "reqwest/deflate" ]
 trust-dns = [ "reqwest/trust-dns" ]
 socks = [ "reqwest/socks" ]
 http3 = [ "reqwest/http3" ]
+unsafe-headers = []
diff --git a/plugins/http/src/commands.rs b/plugins/http/src/commands.rs
index d4b2469b..e88608f6 100644
--- a/plugins/http/src/commands.rs
+++ b/plugins/http/src/commands.rs
@@ -195,7 +195,8 @@ pub async fn fetch<R: Runtime>(
                 for (name, value) in &headers {
                     let name = HeaderName::from_bytes(name.as_bytes())?;
                     let value = HeaderValue::from_bytes(value.as_bytes())?;
-                    if !matches!(
+                    #[cfg(not(feature = "unsafe-headers"))]
+                    if matches!(
                         name,
                         // forbidden headers per fetch spec https://fetch.spec.whatwg.org/#terminology-headers
                         header::ACCEPT_CHARSET
@@ -218,8 +219,10 @@ pub async fn fetch<R: Runtime>(
                             | header::UPGRADE
                             | header::VIA
                     ) {
-                        request = request.header(name, value);
+                        continue;
                     }
+
+                    request = request.header(name, value);
                 }
 
                 // POST and PUT requests should always have a 0 length content-length,