diff --git a/lib/XMLHttpRequest.js b/lib/XMLHttpRequest.js
index 4893913..84ed6d9 100644
--- a/lib/XMLHttpRequest.js
+++ b/lib/XMLHttpRequest.js
@@ -111,10 +111,11 @@ exports.XMLHttpRequest = function() {
   this.responseXML = "";
   this.status = null;
   this.statusText = null;
-  
+
   // Whether cross-site Access-Control requests should be made using
   // credentials such as cookies or authorization headers
   this.withCredentials = false;
+  this.rejectUnauthorized = false;
 
   /**
    * Private methods
@@ -378,7 +379,8 @@ exports.XMLHttpRequest = function() {
       method: settings.method,
       headers: headers,
       agent: false,
-      withCredentials: self.withCredentials
+      withCredentials: self.withCredentials,
+      rejectUnauthorized: self.rejectUnauthorized
     };
 
     // Reset error flag
@@ -415,7 +417,8 @@ exports.XMLHttpRequest = function() {
             path: url.path,
             method: response.statusCode === 303 ? "GET" : settings.method,
             headers: headers,
-            withCredentials: self.withCredentials
+            withCredentials: self.withCredentials,
+            rejectUnauthorized: self.rejectUnauthorized
           };
 
           // Issue the new request
@@ -542,7 +545,7 @@ exports.XMLHttpRequest = function() {
       request = null;
     }
 
-    headers = defaultHeaders;
+    headers = {};
     this.status = 0;
     this.responseText = "";
     this.responseXML = "";
diff --git a/tests/test-headers.js b/tests/test-headers.js
index 23a419e..75395b5 100644
--- a/tests/test-headers.js
+++ b/tests/test-headers.js
@@ -61,7 +61,7 @@ try {
   // Invalid header
   xhr.setRequestHeader("Content-Length", 0);
   // Allowed header outside of specs
-  xhr.setRequestHeader("user-agent", "node-XMLHttpRequest-test");
+  xhr.setRequestHeader("User-Agent", "node-XMLHttpRequest-test");
   // Test getRequestHeader
   assert.equal("Foobar", xhr.getRequestHeader("X-Test"));
   assert.equal("Foobar", xhr.getRequestHeader("x-tEST"));