diff --git a/src/components/script/dom/xmlhttprequest.rs b/src/components/script/dom/xmlhttprequest.rs
index b0f80ceabf1..86112f045b5 100644
--- a/src/components/script/dom/xmlhttprequest.rs
+++ b/src/components/script/dom/xmlhttprequest.rs
@@ -553,7 +553,7 @@ impl<'a> XMLHttpRequestMethods<'a> for JSRef<'a, XMLHttpRequest> {
         self.status_text.deref().borrow().clone()
     }
     fn GetResponseHeader(&self, name: ByteString) -> Option<ByteString> {
-        self.response_headers.deref().borrow().iter().find(|h| {
+        self.filter_response_headers().iter().find(|h| {
             name.eq_ignore_case(&FromStr::from_str(h.header_name().as_slice()).unwrap())
         }).map(|h| {
             FromStr::from_str(h.header_value().as_slice()).unwrap()
@@ -561,7 +561,7 @@ impl<'a> XMLHttpRequestMethods<'a> for JSRef<'a, XMLHttpRequest> {
     }
     fn GetAllResponseHeaders(&self) -> ByteString {
         let mut writer = MemWriter::new();
-        self.response_headers.deref().borrow().write_all(&mut writer).ok().expect("Writing response headers failed");
+        self.filter_response_headers().write_all(&mut writer).ok().expect("Writing response headers failed");
         let mut vec = writer.unwrap();
 
         // rust-http appends an extra "\r\n" when using write_all
@@ -577,13 +577,11 @@ impl<'a> XMLHttpRequestMethods<'a> for JSRef<'a, XMLHttpRequest> {
         self.response_type.deref().get()
     }
     fn SetResponseType(&self, response_type: XMLHttpRequestResponseType) -> ErrorResult {
-        if self.sync.deref().get() {
-            // FIXME: When Workers are implemented, there should be
-            // an additional check that this is a document environment
-            return Err(InvalidState);
-        }
+        // FIXME: When Workers are implemented, there should be
+        // an additional check that this is a document environment
         match self.ready_state.deref().get() {
             Loading | XHRDone => Err(InvalidState),
+            _ if self.sync.deref().get() => Err(InvalidAccess),
             _ => {
                 self.response_type.deref().set(response_type);
                 Ok(())
@@ -669,6 +667,7 @@ trait PrivateXMLHttpRequestHelpers {
     fn text_response(&self) -> DOMString;
     fn set_timeout(&self, timeout:u32);
     fn cancel_timeout(&self);
+    fn filter_response_headers(&self) -> ResponseHeaderCollection;
 }
 
 impl<'a> PrivateXMLHttpRequestHelpers for JSRef<'a, XMLHttpRequest> {
@@ -904,4 +903,16 @@ impl<'a> PrivateXMLHttpRequestHelpers for JSRef<'a, XMLHttpRequest> {
         // the result should be fine. XXXManishearth have a closer look at this later
         encoding.decode(self.response.deref().borrow().as_slice(), DecodeReplace).unwrap().to_string()
     }
+    fn filter_response_headers(&self) -> ResponseHeaderCollection {
+        // http://fetch.spec.whatwg.org/#concept-response-header-list
+        let mut headers = ResponseHeaderCollection::new();
+        for header in self.response_headers.deref().borrow().iter() {
+            match header.header_name().as_slice().to_ascii_lower().as_slice() {
+                "set-cookie" | "set-cookie2" => {},
+                // XXXManishearth additional CORS filtering goes here
+                _ => headers.insert(header)
+            };
+        }
+        headers
+    }
 }
diff --git a/src/test/wpt/metadata/XMLHttpRequest/getallresponseheaders-cookies.htm.ini b/src/test/wpt/metadata/XMLHttpRequest/getallresponseheaders-cookies.htm.ini
deleted file mode 100644
index a6b1b76a291..00000000000
--- a/src/test/wpt/metadata/XMLHttpRequest/getallresponseheaders-cookies.htm.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[getallresponseheaders-cookies.htm]
-  type: testharness
-  [XMLHttpRequest: getAllResponseHeaders() excludes cookies]
-    expected: FAIL
-
diff --git a/src/test/wpt/metadata/XMLHttpRequest/getresponseheader-cookies-and-more.htm.ini b/src/test/wpt/metadata/XMLHttpRequest/getresponseheader-cookies-and-more.htm.ini
deleted file mode 100644
index ac060491c36..00000000000
--- a/src/test/wpt/metadata/XMLHttpRequest/getresponseheader-cookies-and-more.htm.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[getresponseheader-cookies-and-more.htm]
-  type: testharness
-  [XMLHttpRequest: getResponseHeader() custom/non-existent headers and cookies]
-    expected: FAIL
-
diff --git a/src/test/wpt/metadata/XMLHttpRequest/responsetype.html.ini b/src/test/wpt/metadata/XMLHttpRequest/responsetype.html.ini
deleted file mode 100644
index 02a2726bc0d..00000000000
--- a/src/test/wpt/metadata/XMLHttpRequest/responsetype.html.ini
+++ /dev/null
@@ -1,20 +0,0 @@
-[responsetype.html]
-  type: testharness
-  [Set responseType to "" when readyState is OPENED and the sync flag is set.]
-    expected: FAIL
-
-  [Set responseType to "json" when readyState is OPENED and the sync flag is set.]
-    expected: FAIL
-
-  [Set responseType to "document" when readyState is OPENED and the sync flag is set.]
-    expected: FAIL
-
-  [Set responseType to "arraybuffer" when readyState is OPENED and the sync flag is set.]
-    expected: FAIL
-
-  [Set responseType to "blob" when readyState is OPENED and the sync flag is set.]
-    expected: FAIL
-
-  [Set responseType to "text" when readyState is OPENED and the sync flag is set.]
-    expected: FAIL
-