diff --git a/conformance/runner.ts b/conformance/runner.ts
index 9111c708..3b37ef42 100644
--- a/conformance/runner.ts
+++ b/conformance/runner.ts
@@ -529,8 +529,8 @@ export const green = (options?: MacroOptions) =>
             access_token,
             'GET',
             new URL(accounts_endpoint),
-            new Headers(),
-            null,
+            undefined,
+            undefined,
             {
               ...clientAuthOptions('resource'),
               DPoP,
diff --git a/docs/functions/protectedResourceRequest.md b/docs/functions/protectedResourceRequest.md
index 8fbc3b80..b48cdada 100644
--- a/docs/functions/protectedResourceRequest.md
+++ b/docs/functions/protectedResourceRequest.md
@@ -2,7 +2,7 @@
 
 [💗 Help the project](https://github.com/sponsors/panva)
 
-▸ **protectedResourceRequest**(`accessToken`, `method`, `url`, `headers`, `body?`, `options?`): [`Promise`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise )\<[`Response`]( https://developer.mozilla.org/docs/Web/API/Response )\>
+▸ **protectedResourceRequest**(`accessToken`, `method`, `url`, `headers?`, `body?`, `options?`): [`Promise`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise )\<[`Response`]( https://developer.mozilla.org/docs/Web/API/Response )\>
 
 Performs a protected resource request at an arbitrary URL.
 
@@ -15,7 +15,7 @@ Authorization Header is used to transmit the Access Token value.
 | `accessToken` | `string` | The Access Token for the request. |
 | `method` | `string` | The HTTP method for the request. |
 | `url` | [`URL`]( https://developer.mozilla.org/docs/Web/API/URL ) | Target URL for the request. |
-| `headers` | [`Headers`]( https://developer.mozilla.org/docs/Web/API/Headers ) | Headers for the request. |
+| `headers?` | [`Headers`]( https://developer.mozilla.org/docs/Web/API/Headers ) | Headers for the request. |
 | `body?` | ``null`` \| `string` \| [`ArrayBuffer`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer ) \| `ArrayBufferView` \| [`Blob`]( https://developer.mozilla.org/docs/Web/API/Blob ) \| [`FormData`]( https://developer.mozilla.org/docs/Web/API/FormData ) \| [`URLSearchParams`]( https://developer.mozilla.org/docs/Web/API/URLSearchParams ) \| [`ReadableStream`]( https://developer.mozilla.org/docs/Web/API/ReadableStream )\<`any`\> | Request body compatible with the Fetch API and the request's method. |
 | `options?` | [`ProtectedResourceRequestOptions`](../interfaces/ProtectedResourceRequestOptions.md) | - |
 
diff --git a/src/index.ts b/src/index.ts
index f8c8b9dc..de91a280 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -2038,7 +2038,7 @@ export async function protectedResourceRequest(
   accessToken: string,
   method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | string,
   url: URL,
-  headers: Headers,
+  headers?: Headers,
   body?:
     | ReadableStream
     | Blob
diff --git a/tap/end2end-device-code.ts b/tap/end2end-device-code.ts
index 352b79de..a06921b2 100644
--- a/tap/end2end-device-code.ts
+++ b/tap/end2end-device-code.ts
@@ -97,7 +97,7 @@ export default (QUnit: QUnit) => {
           access_token,
           'GET',
           new URL('http://localhost:3001/resource'),
-          new Headers(),
+          undefined,
           undefined,
           {
             DPoP,
diff --git a/tap/modulus_length.ts b/tap/modulus_length.ts
index 19575fd3..2207acfe 100644
--- a/tap/modulus_length.ts
+++ b/tap/modulus_length.ts
@@ -23,8 +23,8 @@ export default async (QUnit: QUnit) => {
           'accessToken',
           'GET',
           new URL('https://rs.example.com/api'),
-          new Headers(),
-          null,
+          undefined,
+          undefined,
           { DPoP: { privateKey, publicKey } },
         ),
         (err: Error) => {
diff --git a/test/dpop.test.ts b/test/dpop.test.ts
index c58cb33b..b8c533ea 100644
--- a/test/dpop.test.ts
+++ b/test/dpop.test.ts
@@ -36,7 +36,7 @@ test('dpop()', async (t) => {
     .reply(200, '')
 
   const url = new URL('https://rs.example.com/resource?foo#bar')
-  const response = await lib.protectedResourceRequest('token', 'GET', url, new Headers(), null, {
+  const response = await lib.protectedResourceRequest('token', 'GET', url, undefined, undefined, {
     DPoP: sign,
   })
   t.true(response instanceof Response)
@@ -61,7 +61,7 @@ test('dpop() w/ a nonce', async (t) => {
     .reply(401, '', { headers: { 'DPoP-Nonce': 'foo' } })
 
   const url = new URL('https://rs2.example.com/resource?foo#bar')
-  await lib.protectedResourceRequest('token', 'GET', url, new Headers(), null, {
+  await lib.protectedResourceRequest('token', 'GET', url, undefined, undefined, {
     DPoP: sign,
   })
 
@@ -80,7 +80,7 @@ test('dpop() w/ a nonce', async (t) => {
     })
     .reply(200, '')
 
-  await lib.protectedResourceRequest('token', 'GET', url, new Headers(), null, {
+  await lib.protectedResourceRequest('token', 'GET', url, undefined, undefined, {
     DPoP: sign,
   })
 })
diff --git a/test/protected_resource.test.ts b/test/protected_resource.test.ts
index c0f919ea..51a49b4f 100644
--- a/test/protected_resource.test.ts
+++ b/test/protected_resource.test.ts
@@ -19,6 +19,6 @@ test('protectedResource()', async (t) => {
     })
     .reply(200, '')
   const url = new URL('https://rs.example.com/resource')
-  const response = await lib.protectedResourceRequest('token', 'GET', url, new Headers(), null)
+  const response = await lib.protectedResourceRequest('token', 'GET', url)
   t.true(response instanceof Response)
 })