got 14.6.5 → 15.0.0

package/dist/source/core/options.js

@@ -1,5 +1,5 @@
 import process from 'node:process';
-import { promisify, inspect } from 'node:util';
+import { promisify, inspect, isDeepStrictEqual, } from 'node:util';
 import { checkServerIdentity } from 'node:tls';
 // DO NOT use destructuring for `https.request` and `http.request` as it's not compatible with `nock`.
 import https from 'node:https';
@@ -8,8 +8,8 @@ import is, { assert } from '@sindresorhus/is';
 import lowercaseKeys from 'lowercase-keys';
 import CacheableLookup from 'cacheable-lookup';
 import http2wrapper from 'http2-wrapper';
-import { isFormData } from 'form-data-encoder';
 import parseLinkHeader from './parse-link-header.js';
+import { getUnixSocketPath } from './utils/is-unix-socket-url.js';
 const [major, minor] = process.versions.node.split('.').map(Number);
 /**
 Generic helper that wraps any assertion function to add context to error messages.
@@ -43,9 +43,68 @@ function assertPlainObject(optionName, value) {
         assert.plainObject(value);
     });
 }
+export function isSameOrigin(previousUrl, nextUrl) {
+    return previousUrl.origin === nextUrl.origin
+        && getUnixSocketPath(previousUrl) === getUnixSocketPath(nextUrl);
+}
+export const crossOriginStripHeaders = ['host', 'cookie', 'cookie2', 'authorization', 'proxy-authorization'];
+const bodyHeaderNames = ['content-length', 'content-encoding', 'content-language', 'content-location', 'content-type', 'transfer-encoding'];
+function usesUnixSocket(url) {
+    return url.protocol === 'unix:' || getUnixSocketPath(url) !== undefined;
+}
+function hasCredentialInUrl(url, credential) {
+    if (url instanceof URL) {
+        return url[credential] !== '';
+    }
+    if (!is.string(url)) {
+        return false;
+    }
+    try {
+        return new URL(url)[credential] !== '';
+    }
+    catch {
+        return false;
+    }
+}
+export const hasExplicitCredentialInUrlChange = (changedState, url, credential) => (changedState.has(credential)
+    || (changedState.has('url') && url?.[credential] !== ''));
+const hasProtocolSlashes = (value) => /^[a-z][a-z\d+.-]*:\/\//i.test(value);
+const hasHttpProtocolWithoutSlashes = (value) => /^https?:(?!\/\/)/i.test(value);
+export function applyUrlOverride(options, url, { username, password } = {}) {
+    if (is.string(url) && options.url) {
+        url = new URL(url, options.url).toString();
+    }
+    options.prefixUrl = '';
+    options.url = url;
+    if (username !== undefined) {
+        options.username = username;
+    }
+    if (password !== undefined) {
+        options.password = password;
+    }
+    return options.url;
+}
+function assertValidHeaderName(name) {
+    if (name.startsWith(':')) {
+        throw new TypeError(`HTTP/2 pseudo-headers are not supported in \`options.headers\`: ${name}`);
+    }
+}
+/**
+Safely assign own properties from source to target, skipping `__proto__` to prevent prototype pollution from JSON.parse'd input.
+*/
+function safeObjectAssign(target, source) {
+    for (const key of Object.keys(source)) {
+        if (key === '__proto__') {
+            continue;
+        }
+        target[key] = source[key];
+    }
+}
 function validateSearchParameters(searchParameters) {
-    // eslint-disable-next-line guard-for-in
-    for (const key in searchParameters) {
+    for (const key of Object.keys(searchParameters)) {
+        if (key === '__proto__') {
+            continue;
+        }
         const value = searchParameters[key];
         assertAny(`searchParams.${key}`, [is.string, is.number, is.boolean, is.null, is.undefined], value);
     }
@@ -138,7 +197,7 @@ const defaultInternals = {
     password: '',
     http2: false,
     allowGetBody: false,
-    copyPipedHeaders: true,
+    copyPipedHeaders: false,
     headers: {
         'user-agent': 'got (https://github.com/sindresorhus/got)',
     },
@@ -182,8 +241,7 @@ const defaultInternals = {
         calculateDelay: ({ computedValue }) => computedValue,
         backoffLimit: Number.POSITIVE_INFINITY,
         noise: 100,
-        // TODO: Change default to `true` in the next major version to fix https://github.com/sindresorhus/got/issues/2243
-        enforceRetryRules: false,
+        enforceRetryRules: true,
     },
     localAddress: undefined,
     method: 'GET',
@@ -235,8 +293,9 @@ const defaultInternals = {
             const parsed = parseLinkHeader(rawLinkHeader);
             const next = parsed.find(entry => entry.parameters.rel === 'next' || entry.parameters.rel === '"next"');
             if (next) {
+                const baseUrl = response.request.options.url ?? response.url;
                 return {
-                    url: new URL(next.reference, response.url),
+                    url: new URL(next.reference, baseUrl),
                 };
             }
             return false;
@@ -252,7 +311,7 @@ const defaultInternals = {
     maxHeaderSize: undefined,
     signal: undefined,
     enableUnixSockets: false,
-    strictContentLength: false,
+    strictContentLength: true,
 };
 const cloneInternals = (internals) => {
     const { hooks, retry } = internals;
@@ -285,27 +344,24 @@ const cloneInternals = (internals) => {
     return result;
 };
 const cloneRaw = (raw) => {
-    const { hooks, retry } = raw;
     const result = { ...raw };
-    if (is.object(raw.context)) {
+    if (Object.hasOwn(raw, 'context') && is.object(raw.context)) {
         result.context = { ...raw.context };
     }
-    if (is.object(raw.cacheOptions)) {
+    if (Object.hasOwn(raw, 'cacheOptions') && is.object(raw.cacheOptions)) {
         result.cacheOptions = { ...raw.cacheOptions };
     }
-    if (is.object(raw.https)) {
+    if (Object.hasOwn(raw, 'https') && is.object(raw.https)) {
         result.https = { ...raw.https };
     }
-    if (is.object(raw.cacheOptions)) {
-        result.cacheOptions = { ...result.cacheOptions };
-    }
-    if (is.object(raw.agent)) {
+    if (Object.hasOwn(raw, 'agent') && is.object(raw.agent)) {
         result.agent = { ...raw.agent };
     }
-    if (is.object(raw.headers)) {
+    if (Object.hasOwn(raw, 'headers') && is.object(raw.headers)) {
         result.headers = { ...raw.headers };
     }
-    if (is.object(retry)) {
+    if (Object.hasOwn(raw, 'retry') && is.object(raw.retry)) {
+        const { retry } = raw;
         result.retry = { ...retry };
         if (is.array(retry.errorCodes)) {
             result.retry.errorCodes = [...retry.errorCodes];
@@ -317,10 +373,11 @@ const cloneRaw = (raw) => {
             result.retry.statusCodes = [...retry.statusCodes];
         }
     }
-    if (is.object(raw.timeout)) {
+    if (Object.hasOwn(raw, 'timeout') && is.object(raw.timeout)) {
         result.timeout = { ...raw.timeout };
     }
-    if (is.object(hooks)) {
+    if (Object.hasOwn(raw, 'hooks') && is.object(raw.hooks)) {
+        const { hooks } = raw;
         result.hooks = {
             ...hooks,
         };
@@ -346,7 +403,7 @@ const cloneRaw = (raw) => {
             result.hooks.afterResponse = [...hooks.afterResponse];
         }
     }
-    if (raw.searchParams) {
+    if (Object.hasOwn(raw, 'searchParams') && raw.searchParams) {
         if (is.string(raw.searchParams)) {
             result.searchParams = raw.searchParams;
         }
@@ -357,17 +414,34 @@ const cloneRaw = (raw) => {
             result.searchParams = { ...raw.searchParams };
         }
     }
-    if (is.object(raw.pagination)) {
+    if (Object.hasOwn(raw, 'pagination') && is.object(raw.pagination)) {
         result.pagination = { ...raw.pagination };
     }
     return result;
 };
 const getHttp2TimeoutOption = (internals) => {
     const delays = [internals.timeout.socket, internals.timeout.connect, internals.timeout.lookup, internals.timeout.request, internals.timeout.secureConnect].filter(delay => typeof delay === 'number');
-    if (delays.length > 0) {
-        return Math.min(...delays);
+    return delays.length > 0 ? Math.min(...delays) : undefined;
+};
+const trackStateMutation = (trackedStateMutations, name) => {
+    trackedStateMutations?.add(name);
+};
+const addExplicitHeader = (explicitHeaders, name) => {
+    explicitHeaders.add(name);
+};
+const markHeaderAsExplicit = (explicitHeaders, trackedStateMutations, name) => {
+    addExplicitHeader(explicitHeaders, name);
+    trackStateMutation(trackedStateMutations, name);
+};
+const trackReplacedHeaderMutations = (trackedStateMutations, previousHeaders, nextHeaders) => {
+    if (!trackedStateMutations) {
+        return;
+    }
+    for (const header of new Set([...Object.keys(previousHeaders), ...Object.keys(nextHeaders)])) {
+        if (previousHeaders[header] !== nextHeaders[header]) {
+            trackStateMutation(trackedStateMutations, header);
+        }
     }
-    return undefined;
 };
 const init = (options, withOptions, self) => {
     const initHooks = options.hooks?.init;
@@ -377,11 +451,15 @@ const init = (options, withOptions, self) => {
         }
     }
 };
+// Keys never merged: got.extend() internals, url (passed as first arg), control flags, security
+const nonMergeableKeys = new Set(['mutableDefaults', 'handlers', 'url', 'preserveHooks', 'isStream', '__proto__']);
 export default class Options {
-    _unixOptions;
-    _internals;
-    _merging = false;
-    _init;
+    #internals;
+    #headersProxy;
+    #merging = false;
+    #init;
+    #explicitHeaders;
+    #trackedStateMutations;
     constructor(input, options, defaults) {
         assertAny('input', [is.string, is.urlInstance, is.object, is.undefined], input);
         assertAny('options', [is.object, is.undefined], options);
@@ -389,8 +467,17 @@ export default class Options {
         if (input instanceof Options || options instanceof Options) {
             throw new TypeError('The defaults must be passed as the third argument');
         }
-        this._internals = cloneInternals(defaults?._internals ?? defaults ?? defaultInternals);
-        this._init = [...(defaults?._init ?? [])];
+        if (defaults) {
+            this.#internals = cloneInternals(defaults.#internals);
+            this.#init = [...defaults.#init];
+            this.#explicitHeaders = new Set(defaults.#explicitHeaders);
+        }
+        else {
+            this.#internals = cloneInternals(defaultInternals);
+            this.#init = [];
+            this.#explicitHeaders = new Set();
+        }
+        this.#headersProxy = this.#createHeadersProxy();
         // This rule allows `finally` to be considered more important.
         // Meaning no matter the error thrown in the `try` block,
         // if `finally` throws then the `finally` error will be thrown.
@@ -440,9 +527,9 @@ export default class Options {
             return;
         }
         if (options instanceof Options) {
-            // Create a copy of the _init array to avoid infinite loop
+            // Create a copy of the #init array to avoid infinite loop
             // when merging an Options instance with itself
-            const initArray = [...options._init];
+            const initArray = [...options.#init];
             for (const init of initArray) {
                 this.merge(init);
             }
@@ -451,24 +538,11 @@ export default class Options {
         options = cloneRaw(options);
         init(this, options, this);
         init(options, options, this);
-        this._merging = true;
-        // Always merge `isStream` first
-        if ('isStream' in options) {
-            this.isStream = options.isStream;
-        }
+        this.#merging = true;
         try {
             let push = false;
-            for (const key in options) {
-                // `got.extend()` options
-                if (key === 'mutableDefaults' || key === 'handlers') {
-                    continue;
-                }
-                // Never merge `url`
-                if (key === 'url') {
-                    continue;
-                }
-                // Never merge `preserveHooks` - it's a control flag, not a persistent option
-                if (key === 'preserveHooks') {
+            for (const key of Object.keys(options)) {
+                if (nonMergeableKeys.has(key)) {
                     continue;
                 }
                 if (!(key in this)) {
@@ -484,11 +558,11 @@ export default class Options {
                 push = true;
             }
             if (push) {
-                this._init.push(options);
+                this.#init.push(options);
             }
         }
         finally {
-            this._merging = false;
+            this.#merging = false;
         }
     }
     /**
@@ -498,11 +572,11 @@ export default class Options {
     @default http.request | https.request
     */
     get request() {
-        return this._internals.request;
+        return this.#internals.request;
     }
     set request(value) {
         assertAny('request', [is.function, is.undefined], value);
-        this._internals.request = value;
+        this.#internals.request = value;
     }
     /**
     An object representing `http`, `https` and `http2` keys for [`http.Agent`](https://nodejs.org/api/http.html#http_class_http_agent), [`https.Agent`](https://nodejs.org/api/https.html#https_class_https_agent) and [`http2wrapper.Agent`](https://github.com/szmarczak/http2-wrapper#new-http2agentoptions) instance.
@@ -527,47 +601,49 @@ export default class Options {
     ```
     */
     get agent() {
-        return this._internals.agent;
+        return this.#internals.agent;
     }
     set agent(value) {
         assertPlainObject('agent', value);
-        // eslint-disable-next-line guard-for-in
-        for (const key in value) {
-            if (!(key in this._internals.agent)) {
+        for (const key of Object.keys(value)) {
+            if (key === '__proto__') {
+                continue;
+            }
+            if (!(key in this.#internals.agent)) {
                 throw new TypeError(`Unexpected agent option: ${key}`);
             }
             // @ts-expect-error - No idea why `value[key]` doesn't work here.
             assertAny(`agent.${key}`, [is.object, is.undefined, (v) => v === false], value[key]);
         }
-        if (this._merging) {
-            Object.assign(this._internals.agent, value);
+        if (this.#merging) {
+            safeObjectAssign(this.#internals.agent, value);
         }
         else {
-            this._internals.agent = { ...value };
+            this.#internals.agent = { ...value };
         }
     }
     get h2session() {
-        return this._internals.h2session;
+        return this.#internals.h2session;
     }
     set h2session(value) {
-        this._internals.h2session = value;
+        this.#internals.h2session = value;
     }
     /**
     Decompress the response automatically.
 
     This will set the `accept-encoding` header to `gzip, deflate, br` unless you set it yourself.
 
-    If this is disabled, a compressed response is returned as a `Buffer`.
+    If this is disabled, a compressed response is returned as a `Uint8Array`.
     This may be useful if you want to handle decompression yourself or stream the raw compressed data.
 
     @default true
     */
     get decompress() {
-        return this._internals.decompress;
+        return this.#internals.decompress;
     }
     set decompress(value) {
         assert.boolean(value);
-        this._internals.decompress = value;
+        this.#internals.decompress = value;
     }
     /**
     Milliseconds to wait for the server to end the response before aborting the request with `got.TimeoutError` error (a.k.a. `request` property).
@@ -587,23 +663,25 @@ export default class Options {
     get timeout() {
         // We always return `Delays` here.
         // It has to be `Delays | number`, otherwise TypeScript will error because the getter and the setter have incompatible types.
-        return this._internals.timeout;
+        return this.#internals.timeout;
     }
     set timeout(value) {
         assertPlainObject('timeout', value);
-        // eslint-disable-next-line guard-for-in
-        for (const key in value) {
-            if (!(key in this._internals.timeout)) {
+        for (const key of Object.keys(value)) {
+            if (key === '__proto__') {
+                continue;
+            }
+            if (!(key in this.#internals.timeout)) {
                 throw new Error(`Unexpected timeout option: ${key}`);
             }
             // @ts-expect-error - No idea why `value[key]` doesn't work here.
             assertAny(`timeout.${key}`, [is.number, is.undefined], value[key]);
         }
-        if (this._merging) {
-            Object.assign(this._internals.timeout, value);
+        if (this.#merging) {
+            safeObjectAssign(this.#internals.timeout, value);
         }
         else {
-            this._internals.timeout = { ...value };
+            this.#internals.timeout = { ...value };
         }
     }
     /**
@@ -648,23 +726,23 @@ export default class Options {
     get prefixUrl() {
         // We always return `string` here.
         // It has to be `string | URL`, otherwise TypeScript will error because the getter and the setter have incompatible types.
-        return this._internals.prefixUrl;
+        return this.#internals.prefixUrl;
     }
     set prefixUrl(value) {
         assertAny('prefixUrl', [is.string, is.urlInstance], value);
         if (value === '') {
-            this._internals.prefixUrl = '';
+            this.#internals.prefixUrl = '';
             return;
         }
         value = value.toString();
         if (!value.endsWith('/')) {
             value += '/';
         }
-        if (this._internals.prefixUrl && this._internals.url) {
-            const { href } = this._internals.url;
-            this._internals.url.href = value + href.slice(this._internals.prefixUrl.length);
+        if (this.#internals.prefixUrl && this.#internals.url) {
+            const { href } = this.#internals.url;
+            this.#internals.url.href = value + href.slice(this.#internals.prefixUrl.length);
         }
-        this._internals.prefixUrl = value;
+        this.#internals.prefixUrl = value;
     }
     /**
     __Note #1__: The `body` option cannot be used with the `json` or `form` option.
@@ -675,7 +753,7 @@ export default class Options {
 
     __Note #4__: This option is not enumerable and will not be merged with the instance defaults.
 
-    The `content-length` header will be automatically set if `body` is a `string` / `Buffer` / typed array ([`Uint8Array`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array), etc.) / [`FormData`](https://developer.mozilla.org/en-US/docs/Web/API/FormData) / [`form-data` instance](https://github.com/form-data/form-data), and `content-length` and `transfer-encoding` are not manually set in `options.headers`.
+    The `content-length` header will be automatically set if `body` is a `string` / `Uint8Array` / typed array, and `content-length` and `transfer-encoding` are not manually set in `options.headers`.
 
     Since Got 12, the `content-length` is not automatically set when `body` is a `fs.createReadStream`.
 
@@ -697,18 +775,19 @@ export default class Options {
     ```
     */
     get body() {
-        return this._internals.body;
+        return this.#internals.body;
     }
     set body(value) {
-        assertAny('body', [is.string, is.buffer, is.nodeStream, is.generator, is.asyncGenerator, is.iterable, is.asyncIterable, isFormData, is.typedArray, is.undefined], value);
+        assertAny('body', [is.string, is.buffer, is.nodeStream, is.generator, is.asyncGenerator, is.iterable, is.asyncIterable, is.typedArray, is.undefined], value);
         if (is.nodeStream(value)) {
             assert.truthy(value.readable);
         }
         if (value !== undefined) {
-            assert.undefined(this._internals.form);
-            assert.undefined(this._internals.json);
+            assert.undefined(this.#internals.form);
+            assert.undefined(this.#internals.json);
         }
-        this._internals.body = value;
+        this.#internals.body = value;
+        trackStateMutation(this.#trackedStateMutations, 'body');
     }
     /**
     The form body is converted to a query string using [`(new URLSearchParams(object)).toString()`](https://nodejs.org/api/url.html#url_constructor_new_urlsearchparams_obj).
@@ -720,15 +799,16 @@ export default class Options {
     __Note #2__: This option is not enumerable and will not be merged with the instance defaults.
     */
     get form() {
-        return this._internals.form;
+        return this.#internals.form;
     }
     set form(value) {
         assertAny('form', [is.plainObject, is.undefined], value);
         if (value !== undefined) {
-            assert.undefined(this._internals.body);
-            assert.undefined(this._internals.json);
+            assert.undefined(this.#internals.body);
+            assert.undefined(this.#internals.json);
         }
-        this._internals.form = value;
+        this.#internals.form = value;
+        trackStateMutation(this.#trackedStateMutations, 'form');
     }
     /**
     JSON request body. If the `content-type` header is not set, it will be set to `application/json`.
@@ -740,14 +820,15 @@ export default class Options {
     __Note #2__: This option is not enumerable and will not be merged with the instance defaults.
     */
     get json() {
-        return this._internals.json;
+        return this.#internals.json;
     }
     set json(value) {
         if (value !== undefined) {
-            assert.undefined(this._internals.body);
-            assert.undefined(this._internals.form);
+            assert.undefined(this.#internals.body);
+            assert.undefined(this.#internals.form);
         }
-        this._internals.json = value;
+        this.#internals.json = value;
+        trackStateMutation(this.#trackedStateMutations, 'json');
     }
     /**
     The URL to request, as a string, a [`https.request` options object](https://nodejs.org/api/https.html#https_https_request_options_callback), or a [WHATWG `URL`](https://nodejs.org/api/url.html#url_class_url).
@@ -768,24 +849,34 @@ export default class Options {
     ```
     */
     get url() {
-        return this._internals.url;
+        return this.#internals.url;
     }
     set url(value) {
         assertAny('url', [is.string, is.urlInstance, is.undefined], value);
         if (value === undefined) {
-            this._internals.url = undefined;
+            this.#internals.url = undefined;
+            trackStateMutation(this.#trackedStateMutations, 'url');
             return;
         }
         if (is.string(value) && value.startsWith('/')) {
             throw new Error('`url` must not start with a slash');
         }
-        // Detect if URL is already absolute (has a protocol/scheme)
         const valueString = value.toString();
-        const isAbsolute = is.urlInstance(value) || /^[a-z][a-z\d+.-]*:\/\//i.test(valueString);
+        if (is.string(value)
+            && !this.prefixUrl
+            && hasHttpProtocolWithoutSlashes(valueString)) {
+            throw new Error('`url` protocol must be followed by `//`');
+        }
+        // Detect if URL is already absolute (has a protocol/scheme)
+        const isAbsolute = is.urlInstance(value) || hasProtocolSlashes(valueString);
         // Only concatenate prefixUrl if the URL is relative
         const urlString = isAbsolute ? valueString : `${this.prefixUrl}${valueString}`;
         const url = new URL(urlString);
-        this._internals.url = url;
+        this.#internals.url = url;
+        trackStateMutation(this.#trackedStateMutations, 'url');
+        if (usesUnixSocket(url) && !this.#internals.enableUnixSockets) {
+            throw new Error('Using UNIX domain sockets but option `enableUnixSockets` is not enabled');
+        }
         if (url.protocol === 'unix:') {
             url.href = `http://unix${url.pathname}${url.search}`;
         }
@@ -794,37 +885,18 @@ export default class Options {
             error.code = 'ERR_UNSUPPORTED_PROTOCOL';
             throw error;
         }
-        if (this._internals.username) {
-            url.username = this._internals.username;
-            this._internals.username = '';
+        if (this.#internals.username) {
+            url.username = this.#internals.username;
+            this.#internals.username = '';
         }
-        if (this._internals.password) {
-            url.password = this._internals.password;
-            this._internals.password = '';
+        if (this.#internals.password) {
+            url.password = this.#internals.password;
+            this.#internals.password = '';
         }
-        if (this._internals.searchParams) {
-            url.search = this._internals.searchParams.toString();
-            this._internals.searchParams = undefined;
-        }
-        if (url.hostname === 'unix') {
-            if (!this._internals.enableUnixSockets) {
-                throw new Error('Using UNIX domain sockets but option `enableUnixSockets` is not enabled');
-            }
-            const matches = /(?<socketPath>.+?):(?<path>.+)/.exec(`${url.pathname}${url.search}`);
-            if (matches?.groups) {
-                const { socketPath, path } = matches.groups;
-                this._unixOptions = {
-                    socketPath,
-                    path,
-                    host: '',
-                };
-            }
-            else {
-                this._unixOptions = undefined;
-            }
-            return;
+        if (this.#internals.searchParams) {
+            url.search = this.#internals.searchParams.toString();
+            this.#internals.searchParams = undefined;
         }
-        this._unixOptions = undefined;
     }
     /**
     Cookie support. You don't have to care about parsing or how to store them.
@@ -832,12 +904,12 @@ export default class Options {
     __Note__: If you provide this option, `options.headers.cookie` will be overridden.
     */
     get cookieJar() {
-        return this._internals.cookieJar;
+        return this.#internals.cookieJar;
     }
     set cookieJar(value) {
         assertAny('cookieJar', [is.object, is.undefined], value);
         if (value === undefined) {
-            this._internals.cookieJar = undefined;
+            this.#internals.cookieJar = undefined;
             return;
         }
         let { setCookie, getCookieString } = value;
@@ -847,13 +919,13 @@ export default class Options {
         if (setCookie.length === 4 && getCookieString.length === 0) {
             setCookie = promisify(setCookie.bind(value));
             getCookieString = promisify(getCookieString.bind(value));
-            this._internals.cookieJar = {
+            this.#internals.cookieJar = {
                 setCookie,
                 getCookieString: getCookieString,
             };
         }
         else {
-            this._internals.cookieJar = value;
+            this.#internals.cookieJar = value;
         }
     }
     /**
@@ -875,11 +947,11 @@ export default class Options {
     ```
     */
     get signal() {
-        return this._internals.signal;
+        return this.#internals.signal;
     }
     set signal(value) {
-        assert.object(value);
-        this._internals.signal = value;
+        assertAny('signal', [is.object, is.undefined], value);
+        this.#internals.signal = value;
     }
     /**
     Ignore invalid cookies instead of throwing an error.
@@ -888,11 +960,11 @@ export default class Options {
     @default false
     */
     get ignoreInvalidCookies() {
-        return this._internals.ignoreInvalidCookies;
+        return this.#internals.ignoreInvalidCookies;
     }
     set ignoreInvalidCookies(value) {
         assert.boolean(value);
-        this._internals.ignoreInvalidCookies = value;
+        this.#internals.ignoreInvalidCookies = value;
     }
     /**
     Query string that will be added to the request URL.
@@ -913,19 +985,17 @@ export default class Options {
     ```
     */
     get searchParams() {
-        if (this._internals.url) {
-            return this._internals.url.searchParams;
+        if (this.#internals.url) {
+            return this.#internals.url.searchParams;
         }
-        if (this._internals.searchParams === undefined) {
-            this._internals.searchParams = new URLSearchParams();
-        }
-        return this._internals.searchParams;
+        this.#internals.searchParams ??= new URLSearchParams();
+        return this.#internals.searchParams;
     }
     set searchParams(value) {
         assertAny('searchParams', [is.string, is.object, is.undefined], value);
-        const url = this._internals.url;
+        const url = this.#internals.url;
         if (value === undefined) {
-            this._internals.searchParams = undefined;
+            this.#internals.searchParams = undefined;
             if (url) {
                 url.search = '';
             }
@@ -942,8 +1012,10 @@ export default class Options {
         else {
             validateSearchParameters(value);
             updated = new URLSearchParams();
-            // eslint-disable-next-line guard-for-in
-            for (const key in value) {
+            for (const key of Object.keys(value)) {
+                if (key === '__proto__') {
+                    continue;
+                }
                 const entry = value[key];
                 if (entry === null) {
                     updated.append(key, '');
@@ -956,7 +1028,7 @@ export default class Options {
                 }
             }
         }
-        if (this._merging) {
+        if (this.#merging) {
             // These keys will be replaced
             for (const key of updated.keys()) {
                 searchParameters.delete(key);
@@ -969,7 +1041,7 @@ export default class Options {
             url.search = searchParameters.toString();
         }
         else {
-            this._internals.searchParams = searchParameters;
+            this.#internals.searchParams = searchParameters;
         }
     }
     get searchParameters() {
@@ -979,11 +1051,11 @@ export default class Options {
         throw new Error('The `searchParameters` option does not exist. Use `searchParams` instead.');
     }
     get dnsLookup() {
-        return this._internals.dnsLookup;
+        return this.#internals.dnsLookup;
     }
     set dnsLookup(value) {
         assertAny('dnsLookup', [is.function, is.undefined], value);
-        this._internals.dnsLookup = value;
+        this.#internals.dnsLookup = value;
     }
     /**
     An instance of [`CacheableLookup`](https://github.com/szmarczak/cacheable-lookup) used for making DNS lookups.
@@ -996,18 +1068,18 @@ export default class Options {
     @default false
     */
     get dnsCache() {
-        return this._internals.dnsCache;
+        return this.#internals.dnsCache;
     }
     set dnsCache(value) {
         assertAny('dnsCache', [is.object, is.boolean, is.undefined], value);
         if (value === true) {
-            this._internals.dnsCache = getGlobalDnsCache();
+            this.#internals.dnsCache = getGlobalDnsCache();
         }
         else if (value === false) {
-            this._internals.dnsCache = undefined;
+            this.#internals.dnsCache = undefined;
         }
         else {
-            this._internals.dnsCache = value;
+            this.#internals.dnsCache = value;
         }
     }
     /**
@@ -1042,15 +1114,15 @@ export default class Options {
     ```
     */
     get context() {
-        return this._internals.context;
+        return this.#internals.context;
     }
     set context(value) {
         assert.object(value);
-        if (this._merging) {
-            Object.assign(this._internals.context, value);
+        if (this.#merging) {
+            safeObjectAssign(this.#internals.context, value);
         }
         else {
-            this._internals.context = { ...value };
+            this.#internals.context = { ...value };
         }
     }
     /**
@@ -1058,13 +1130,15 @@ export default class Options {
     Hook functions may be async and are run serially.
     */
     get hooks() {
-        return this._internals.hooks;
+        return this.#internals.hooks;
     }
     set hooks(value) {
         assert.object(value);
-        // eslint-disable-next-line guard-for-in
-        for (const knownHookEvent in value) {
-            if (!(knownHookEvent in this._internals.hooks)) {
+        for (const knownHookEvent of Object.keys(value)) {
+            if (knownHookEvent === '__proto__') {
+                continue;
+            }
+            if (!(knownHookEvent in this.#internals.hooks)) {
                 throw new Error(`Unexpected hook event: ${knownHookEvent}`);
             }
             const typedKnownHookEvent = knownHookEvent;
@@ -1075,10 +1149,10 @@ export default class Options {
                     assert.function(hook);
                 }
             }
-            if (this._merging) {
+            if (this.#merging) {
                 if (hooks) {
                     // @ts-expect-error FIXME
-                    this._internals.hooks[typedKnownHookEvent].push(...hooks);
+                    this.#internals.hooks[typedKnownHookEvent].push(...hooks);
                 }
             }
             else {
@@ -1086,7 +1160,7 @@ export default class Options {
                     throw new Error(`Missing hook event: ${knownHookEvent}`);
                 }
                 // @ts-expect-error FIXME
-                this._internals.hooks[knownHookEvent] = [...hooks];
+                this.#internals.hooks[knownHookEvent] = [...hooks];
             }
         }
     }
@@ -1097,15 +1171,16 @@ export default class Options {
 
     Note that if a `303` is sent by the server in response to any request type (`POST`, `DELETE`, etc.), Got will automatically request the resource pointed to in the location header via `GET`.
     This is in accordance with [the spec](https://tools.ietf.org/html/rfc7231#section-6.4.4). You can optionally turn on this behavior also for other redirect codes - see `methodRewriting`.
+    On cross-origin redirects, Got strips `host`, `cookie`, `cookie2`, `authorization`, and `proxy-authorization`. When a redirect rewrites the request to `GET`, Got also strips request body headers. Use `hooks.beforeRedirect` for app-specific sensitive headers.
 
     @default true
     */
     get followRedirect() {
-        return this._internals.followRedirect;
+        return this.#internals.followRedirect;
     }
     set followRedirect(value) {
         assertAny('followRedirect', [is.boolean, is.function], value);
-        this._internals.followRedirect = value;
+        this.#internals.followRedirect = value;
     }
     get followRedirects() {
         throw new TypeError('The `followRedirects` option does not exist. Use `followRedirect` instead.');
@@ -1119,11 +1194,11 @@ export default class Options {
     @default 10
     */
     get maxRedirects() {
-        return this._internals.maxRedirects;
+        return this.#internals.maxRedirects;
     }
     set maxRedirects(value) {
         assert.number(value);
-        this._internals.maxRedirects = value;
+        this.#internals.maxRedirects = value;
     }
     /**
     A cache adapter instance for storing cached response data.
@@ -1131,18 +1206,18 @@ export default class Options {
     @default false
     */
     get cache() {
-        return this._internals.cache;
+        return this.#internals.cache;
     }
     set cache(value) {
         assertAny('cache', [is.object, is.string, is.boolean, is.undefined], value);
         if (value === true) {
-            this._internals.cache = globalCache;
+            this.#internals.cache = globalCache;
         }
         else if (value === false) {
-            this._internals.cache = undefined;
+            this.#internals.cache = undefined;
         }
         else {
-            this._internals.cache = wrapQuickLruIfNeeded(value);
+            this.#internals.cache = wrapQuickLruIfNeeded(value);
         }
     }
     /**
@@ -1154,43 +1229,45 @@ export default class Options {
     @default true
     */
     get throwHttpErrors() {
-        return this._internals.throwHttpErrors;
+        return this.#internals.throwHttpErrors;
     }
     set throwHttpErrors(value) {
         assert.boolean(value);
-        this._internals.throwHttpErrors = value;
+        this.#internals.throwHttpErrors = value;
     }
     get username() {
-        const url = this._internals.url;
-        const value = url ? url.username : this._internals.username;
+        const url = this.#internals.url;
+        const value = url ? url.username : this.#internals.username;
         return decodeURIComponent(value);
     }
     set username(value) {
         assert.string(value);
-        const url = this._internals.url;
+        const url = this.#internals.url;
         const fixedValue = encodeURIComponent(value);
         if (url) {
             url.username = fixedValue;
         }
         else {
-            this._internals.username = fixedValue;
+            this.#internals.username = fixedValue;
         }
+        trackStateMutation(this.#trackedStateMutations, 'username');
     }
     get password() {
-        const url = this._internals.url;
-        const value = url ? url.password : this._internals.password;
+        const url = this.#internals.url;
+        const value = url ? url.password : this.#internals.password;
         return decodeURIComponent(value);
     }
     set password(value) {
         assert.string(value);
-        const url = this._internals.url;
+        const url = this.#internals.url;
         const fixedValue = encodeURIComponent(value);
         if (url) {
             url.password = fixedValue;
         }
         else {
-            this._internals.password = fixedValue;
+            this.#internals.password = fixedValue;
         }
+        trackStateMutation(this.#trackedStateMutations, 'password');
     }
     /**
     If set to `true`, Got will additionally accept HTTP2 requests.
@@ -1214,11 +1291,11 @@ export default class Options {
     ```
     */
     get http2() {
-        return this._internals.http2;
+        return this.#internals.http2;
     }
     set http2(value) {
         assert.boolean(value);
-        this._internals.http2 = value;
+        this.#internals.http2 = value;
     }
     /**
     Set this to `true` to allow sending body for the `GET` method.
@@ -1230,36 +1307,35 @@ export default class Options {
     @default false
     */
     get allowGetBody() {
-        return this._internals.allowGetBody;
+        return this.#internals.allowGetBody;
     }
     set allowGetBody(value) {
         assert.boolean(value);
-        this._internals.allowGetBody = value;
+        this.#internals.allowGetBody = value;
     }
     /**
     Automatically copy headers from piped streams.
 
     When piping a request into a Got stream (e.g., `request.pipe(got.stream(url))`), this controls whether headers from the source stream are automatically merged into the Got request headers.
 
-    Note: Piped headers overwrite any explicitly set headers with the same name. To override this, either set `copyPipedHeaders` to `false` and manually copy safe headers, or use a `beforeRequest` hook to force specific header values after piping.
+    Note: Explicitly set headers take precedence over piped headers. Piped headers are only copied when a header is not already explicitly set.
 
-    Useful for proxy scenarios, but you may want to disable this to filter out headers like `Host`, `Connection`, `Authorization`, etc.
+    Useful for proxy scenarios when explicitly enabled, but you may still want to filter out headers like `Host`, `Connection`, `Authorization`, etc.
 
-    @default true
+    @default false
 
     @example
     ```
     import got from 'got';
     import {pipeline} from 'node:stream/promises';
 
-    // Disable automatic header copying and manually copy only safe headers
+    // Opt in to automatic header copying for proxy scenarios
     server.get('/proxy', async (request, response) => {
         const gotStream = got.stream('https://example.com', {
-            copyPipedHeaders: false,
+            copyPipedHeaders: true,
+            // Explicit headers win over piped headers
             headers: {
-                'user-agent': request.headers['user-agent'],
-                'accept': request.headers['accept'],
-                // Explicitly NOT copying host, connection, authorization, etc.
+                host: 'example.com',
             }
         });
 
@@ -1270,27 +1346,114 @@ export default class Options {
     @example
     ```
     import got from 'got';
+    import {pipeline} from 'node:stream/promises';
 
-    // Override piped headers using beforeRequest hook
-    const gotStream = got.stream('https://example.com', {
-        hooks: {
-            beforeRequest: [
-                options => {
-                    // Force specific header values after piping
-                    options.headers.host = 'example.com';
-                    delete options.headers.authorization;
-                }
-            ]
-        }
+    // Keep it disabled and manually copy only safe headers
+    server.get('/proxy', async (request, response) => {
+        const gotStream = got.stream('https://example.com', {
+            headers: {
+                'user-agent': request.headers['user-agent'],
+                'accept': request.headers['accept'],
+                // Explicitly NOT copying host, connection, authorization, etc.
+            }
+        });
+
+        await pipeline(request, gotStream, response);
     });
     ```
     */
     get copyPipedHeaders() {
-        return this._internals.copyPipedHeaders;
+        return this.#internals.copyPipedHeaders;
     }
     set copyPipedHeaders(value) {
         assert.boolean(value);
-        this._internals.copyPipedHeaders = value;
+        this.#internals.copyPipedHeaders = value;
+    }
+    isHeaderExplicitlySet(name) {
+        return this.#explicitHeaders.has(name.toLowerCase());
+    }
+    shouldCopyPipedHeader(name) {
+        return !this.isHeaderExplicitlySet(name);
+    }
+    setPipedHeader(name, value) {
+        assertValidHeaderName(name);
+        this.#internals.headers[name.toLowerCase()] = value;
+    }
+    getInternalHeaders() {
+        return this.#internals.headers;
+    }
+    setInternalHeader(name, value) {
+        assertValidHeaderName(name);
+        this.#internals.headers[name.toLowerCase()] = value;
+    }
+    deleteInternalHeader(name) {
+        // eslint-disable-next-line @typescript-eslint/no-dynamic-delete
+        delete this.#internals.headers[name.toLowerCase()];
+    }
+    async trackStateMutations(operation) {
+        const changedState = new Set();
+        this.#trackedStateMutations = changedState;
+        try {
+            return await operation(changedState);
+        }
+        finally {
+            this.#trackedStateMutations = undefined;
+        }
+    }
+    clearBody() {
+        this.body = undefined;
+        this.json = undefined;
+        this.form = undefined;
+        for (const header of bodyHeaderNames) {
+            this.deleteInternalHeader(header);
+        }
+    }
+    stripUnchangedCrossOriginState(previousState, changedState, { clearBody = true } = {}) {
+        const headers = this.getInternalHeaders();
+        const url = this.#internals.url;
+        for (const header of crossOriginStripHeaders) {
+            if (!changedState.has(header) && headers[header] === previousState.headers[header]) {
+                this.deleteInternalHeader(header);
+            }
+        }
+        if (!hasExplicitCredentialInUrlChange(changedState, url, 'username')) {
+            this.username = '';
+        }
+        if (!hasExplicitCredentialInUrlChange(changedState, url, 'password')) {
+            this.password = '';
+        }
+        if (clearBody && !changedState.has('body') && !changedState.has('json') && !changedState.has('form') && isBodyUnchanged(this, previousState)) {
+            this.clearBody();
+        }
+    }
+    /**
+    Strip sensitive headers and credentials when navigating to a different origin.
+    Headers and credentials explicitly provided in `userOptions` are preserved.
+    */
+    stripSensitiveHeaders(previousUrl, nextUrl, userOptions) {
+        if (isSameOrigin(previousUrl, nextUrl)) {
+            return;
+        }
+        const headers = lowercaseKeys(userOptions.headers ?? {});
+        for (const header of crossOriginStripHeaders) {
+            if (headers[header] === undefined) {
+                this.deleteInternalHeader(header);
+            }
+        }
+        const explicitUsername = Object.hasOwn(userOptions, 'username') ? userOptions.username : undefined;
+        const explicitPassword = Object.hasOwn(userOptions, 'password') ? userOptions.password : undefined;
+        const hasExplicitUsername = explicitUsername !== undefined
+            || hasCredentialInUrl(userOptions.url, 'username')
+            || isCrossOriginCredentialChanged(previousUrl, nextUrl, 'username');
+        const hasExplicitPassword = explicitPassword !== undefined
+            || hasCredentialInUrl(userOptions.url, 'password')
+            || isCrossOriginCredentialChanged(previousUrl, nextUrl, 'password');
+        if (!hasExplicitUsername && this.username) {
+            this.username = '';
+        }
+        if (!hasExplicitPassword && this.password) {
+            this.password = '';
+        }
     }
     /**
     Request headers.
@@ -1300,33 +1463,49 @@ export default class Options {
     @default {}
     */
     get headers() {
-        return this._internals.headers;
+        return this.#headersProxy;
     }
     set headers(value) {
         assertPlainObject('headers', value);
-        if (this._merging) {
-            Object.assign(this._internals.headers, lowercaseKeys(value));
+        const normalizedHeaders = lowercaseKeys(value);
+        for (const header of Object.keys(normalizedHeaders)) {
+            assertValidHeaderName(header);
+        }
+        if (this.#merging) {
+            safeObjectAssign(this.#internals.headers, normalizedHeaders);
         }
         else {
-            this._internals.headers = lowercaseKeys(value);
+            const previousHeaders = this.#internals.headers;
+            this.#internals.headers = normalizedHeaders;
+            this.#headersProxy = this.#createHeadersProxy();
+            this.#explicitHeaders.clear();
+            trackReplacedHeaderMutations(this.#trackedStateMutations, previousHeaders, normalizedHeaders);
+        }
+        for (const header of Object.keys(normalizedHeaders)) {
+            if (this.#merging) {
+                markHeaderAsExplicit(this.#explicitHeaders, this.#trackedStateMutations, header);
+            }
+            else {
+                addExplicitHeader(this.#explicitHeaders, header);
+            }
         }
     }
     /**
     Specifies if the HTTP request method should be [rewritten as `GET`](https://tools.ietf.org/html/rfc7231#section-6.4) on redirects.
 
-    As the [specification](https://tools.ietf.org/html/rfc7231#section-6.4) prefers to rewrite the HTTP method only on `303` responses, this is Got's default behavior.
-    Setting `methodRewriting` to `true` will also rewrite `301` and `302` responses, as allowed by the spec. This is the behavior followed by `curl` and browsers.
+    As the [specification](https://tools.ietf.org/html/rfc7231#section-6.4) prefers to rewrite the HTTP method only on `303` responses, this is Got's default behavior. Cross-origin `301` and `302` redirects also rewrite `POST` requests to `GET` by default to avoid forwarding request bodies to another origin.
+    Setting `methodRewriting` to `true` will also rewrite same-origin `301` and `302` responses, as allowed by the spec. This is the behavior followed by `curl` and browsers.
 
     __Note__: Got never performs method rewriting on `307` and `308` responses, as this is [explicitly prohibited by the specification](https://www.rfc-editor.org/rfc/rfc7231#section-6.4.7).
 
     @default false
     */
     get methodRewriting() {
-        return this._internals.methodRewriting;
+        return this.#internals.methodRewriting;
     }
     set methodRewriting(value) {
         assert.boolean(value);
-        this._internals.methodRewriting = value;
+        this.#internals.methodRewriting = value;
     }
     /**
     Indicates which DNS record family to use.
@@ -1339,13 +1518,13 @@ export default class Options {
     @default undefined
     */
     get dnsLookupIpVersion() {
-        return this._internals.dnsLookupIpVersion;
+        return this.#internals.dnsLookupIpVersion;
     }
     set dnsLookupIpVersion(value) {
         if (value !== undefined && value !== 4 && value !== 6) {
             throw new TypeError(`Invalid DNS lookup IP version: ${value}`);
         }
-        this._internals.dnsLookupIpVersion = value;
+        this.#internals.dnsLookupIpVersion = value;
     }
     /**
     A function used to parse JSON responses.
@@ -1363,11 +1542,11 @@ export default class Options {
     ```
     */
     get parseJson() {
-        return this._internals.parseJson;
+        return this.#internals.parseJson;
     }
     set parseJson(value) {
         assert.function(value);
-        this._internals.parseJson = value;
+        this.#internals.parseJson = value;
     }
     /**
     A function used to stringify the body of JSON requests.
@@ -1411,11 +1590,11 @@ export default class Options {
     ```
     */
     get stringifyJson() {
-        return this._internals.stringifyJson;
+        return this.#internals.stringifyJson;
     }
     set stringifyJson(value) {
         assert.function(value);
-        this._internals.stringifyJson = value;
+        this.#internals.stringifyJson = value;
     }
     /**
     An object representing `limit`, `calculateDelay`, `methods`, `statusCodes`, `maxRetryAfter` and `errorCodes` fields for maximum retry count, retry handler, allowed methods, allowed status codes, maximum [`Retry-After`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Retry-After) time and allowed error codes.
@@ -1425,9 +1604,9 @@ export default class Options {
     The `calculateDelay` property is a `function` that receives an object with `attemptCount`, `retryOptions`, `error` and `computedValue` properties for current retry count, the retry options, error and default computed value.
     The function must return a delay in milliseconds (or a Promise resolving with it) (`0` return value cancels retry).
 
-    The `enforceRetryRules` property is a `boolean` that, when set to `true`, enforces the `limit`, `methods`, `statusCodes`, and `errorCodes` options before calling `calculateDelay`. Your `calculateDelay` function is only invoked when a retry is allowed based on these criteria. When `false` (default), `calculateDelay` receives the computed value but can override all retry logic.
+    The `enforceRetryRules` property is a `boolean` that, when set to `true` (default), enforces the `limit`, `methods`, `statusCodes`, and `errorCodes` options before calling `calculateDelay`. Your `calculateDelay` function is only invoked when a retry is allowed based on these criteria. When `false`, `calculateDelay` receives the computed value but can override all retry logic.
 
-    __Note:__ When `enforceRetryRules` is `false`, you must check `computedValue` in your `calculateDelay` function to respect the default retry logic. When `true`, the retry rules are enforced automatically.
+    __Note:__ When `enforceRetryRules` is `false`, you must check `computedValue` in your `calculateDelay` function to respect retry rules. When `true` (default), the retry rules are enforced automatically.
 
     By default, it retries *only* on the specified methods, status codes, and on these network errors:
 
@@ -1444,7 +1623,7 @@ export default class Options {
     __Note__: If [`Retry-After`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Retry-After) header is greater than `maxRetryAfter`, it will cancel the request.
     */
     get retry() {
-        return this._internals.retry;
+        return this.#internals.retry;
     }
     set retry(value) {
         assertPlainObject('retry', value);
@@ -1459,18 +1638,21 @@ export default class Options {
         if (value.noise && Math.abs(value.noise) > 100) {
             throw new Error(`The maximum acceptable retry noise is +/- 100ms, got ${value.noise}`);
         }
-        for (const key in value) {
-            if (!(key in this._internals.retry)) {
+        for (const key of Object.keys(value)) {
+            if (key === '__proto__') {
+                continue;
+            }
+            if (!(key in this.#internals.retry)) {
                 throw new Error(`Unexpected retry option: ${key}`);
             }
         }
-        if (this._merging) {
-            Object.assign(this._internals.retry, value);
+        if (this.#merging) {
+            safeObjectAssign(this.#internals.retry, value);
         }
         else {
-            this._internals.retry = { ...value };
+            this.#internals.retry = { ...value };
         }
-        const { retry } = this._internals;
+        const { retry } = this.#internals;
         retry.methods = [...new Set(retry.methods.map(method => method.toUpperCase()))];
         retry.statusCodes = [...new Set(retry.statusCodes)];
         retry.errorCodes = [...new Set(retry.errorCodes)];
@@ -1481,11 +1663,11 @@ export default class Options {
     The IP address used to send the request from.
     */
     get localAddress() {
-        return this._internals.localAddress;
+        return this.#internals.localAddress;
     }
     set localAddress(value) {
         assertAny('localAddress', [is.string, is.undefined], value);
-        this._internals.localAddress = value;
+        this.#internals.localAddress = value;
     }
     /**
     The HTTP method used to make the request.
@@ -1493,18 +1675,18 @@ export default class Options {
     @default 'GET'
     */
     get method() {
-        return this._internals.method;
+        return this.#internals.method;
     }
     set method(value) {
         assert.string(value);
-        this._internals.method = value.toUpperCase();
+        this.#internals.method = value.toUpperCase();
     }
     get createConnection() {
-        return this._internals.createConnection;
+        return this.#internals.createConnection;
     }
     set createConnection(value) {
         assertAny('createConnection', [is.function, is.undefined], value);
-        this._internals.createConnection = value;
+        this.#internals.createConnection = value;
     }
     /**
     From `http-cache-semantics`
@@ -1512,7 +1694,7 @@ export default class Options {
     @default {}
     */
     get cacheOptions() {
-        return this._internals.cacheOptions;
+        return this.#internals.cacheOptions;
     }
     set cacheOptions(value) {
         assertPlainObject('cacheOptions', value);
@@ -1520,23 +1702,26 @@ export default class Options {
         assertAny('cacheOptions.cacheHeuristic', [is.number, is.undefined], value.cacheHeuristic);
         assertAny('cacheOptions.immutableMinTimeToLive', [is.number, is.undefined], value.immutableMinTimeToLive);
         assertAny('cacheOptions.ignoreCargoCult', [is.boolean, is.undefined], value.ignoreCargoCult);
-        for (const key in value) {
-            if (!(key in this._internals.cacheOptions)) {
+        for (const key of Object.keys(value)) {
+            if (key === '__proto__') {
+                continue;
+            }
+            if (!(key in this.#internals.cacheOptions)) {
                 throw new Error(`Cache option \`${key}\` does not exist`);
             }
         }
-        if (this._merging) {
-            Object.assign(this._internals.cacheOptions, value);
+        if (this.#merging) {
+            safeObjectAssign(this.#internals.cacheOptions, value);
         }
         else {
-            this._internals.cacheOptions = { ...value };
+            this.#internals.cacheOptions = { ...value };
         }
     }
     /**
     Options for the advanced HTTPS API.
     */
     get https() {
-        return this._internals.https;
+        return this.#internals.https;
     }
     set https(value) {
         assertPlainObject('https', value);
@@ -1559,22 +1744,25 @@ export default class Options {
         assertAny('https.ecdhCurve', [is.string, is.undefined], value.ecdhCurve);
         assertAny('https.certificateRevocationLists', [is.string, is.buffer, is.array, is.undefined], value.certificateRevocationLists);
         assertAny('https.secureOptions', [is.number, is.undefined], value.secureOptions);
-        for (const key in value) {
-            if (!(key in this._internals.https)) {
+        for (const key of Object.keys(value)) {
+            if (key === '__proto__') {
+                continue;
+            }
+            if (!(key in this.#internals.https)) {
                 throw new Error(`HTTPS option \`${key}\` does not exist`);
             }
         }
-        if (this._merging) {
-            Object.assign(this._internals.https, value);
+        if (this.#merging) {
+            safeObjectAssign(this.#internals.https, value);
         }
         else {
-            this._internals.https = { ...value };
+            this.#internals.https = { ...value };
         }
     }
     /**
     [Encoding](https://nodejs.org/api/buffer.html#buffer_buffers_and_character_encodings) to be used on `setEncoding` of the response data.
 
-    To get a [`Buffer`](https://nodejs.org/api/buffer.html), you need to set `responseType` to `buffer` instead.
+    To get a [`Uint8Array`](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array), you need to set `responseType` to `buffer` instead.
     Don't set this option to `null`.
 
     __Note__: This doesn't affect streams! Instead, you need to do `got.stream(...).setEncoding(encoding)`.
@@ -1582,14 +1770,14 @@ export default class Options {
     @default 'utf-8'
     */
     get encoding() {
-        return this._internals.encoding;
+        return this.#internals.encoding;
     }
     set encoding(value) {
         if (value === null) {
-            throw new TypeError('To get a Buffer, set `options.responseType` to `buffer` instead');
+            throw new TypeError('To get a Uint8Array, set `options.responseType` to `buffer` instead');
         }
         assertAny('encoding', [is.string, is.undefined], value);
-        this._internals.encoding = value;
+        this.#internals.encoding = value;
     }
     /**
     When set to `true` the promise will return the Response body instead of the Response object.
@@ -1597,24 +1785,25 @@ export default class Options {
     @default false
     */
     get resolveBodyOnly() {
-        return this._internals.resolveBodyOnly;
+        return this.#internals.resolveBodyOnly;
     }
     set resolveBodyOnly(value) {
         assert.boolean(value);
-        this._internals.resolveBodyOnly = value;
+        this.#internals.resolveBodyOnly = value;
     }
     /**
+    @internal
     Returns a `Stream` instead of a `Promise`.
-    This is equivalent to calling `got.stream(url, options?)`.
+    Set internally by `got.stream()`.
 
     @default false
     */
     get isStream() {
-        return this._internals.isStream;
+        return this.#internals.isStream;
     }
     set isStream(value) {
         assert.boolean(value);
-        this._internals.isStream = value;
+        this.#internals.isStream = value;
     }
     /**
     The parsing method.
@@ -1633,7 +1822,7 @@ export default class Options {
 
     const [response, buffer, json] = Promise.all([responsePromise, bufferPromise, jsonPromise]);
     // `response` is an instance of Got Response
-    // `buffer` is an instance of Buffer
+    // `buffer` is an instance of Uint8Array
     // `json` is an object
     ```
 
@@ -1647,28 +1836,28 @@ export default class Options {
     ```
     */
     get responseType() {
-        return this._internals.responseType;
+        return this.#internals.responseType;
     }
     set responseType(value) {
         if (value === undefined) {
-            this._internals.responseType = 'text';
+            this.#internals.responseType = 'text';
             return;
         }
         if (value !== 'text' && value !== 'buffer' && value !== 'json') {
             throw new Error(`Invalid \`responseType\` option: ${value}`);
         }
-        this._internals.responseType = value;
+        this.#internals.responseType = value;
     }
     get pagination() {
-        return this._internals.pagination;
+        return this.#internals.pagination;
     }
     set pagination(value) {
         assert.object(value);
-        if (this._merging) {
-            Object.assign(this._internals.pagination, value);
+        if (this.#merging) {
+            safeObjectAssign(this.#internals.pagination, value);
         }
         else {
-            this._internals.pagination = value;
+            this.#internals.pagination = value;
         }
     }
     get auth() {
@@ -1678,25 +1867,25 @@ export default class Options {
         throw new Error('Parameter `auth` is deprecated. Use `username` / `password` instead.');
     }
     get setHost() {
-        return this._internals.setHost;
+        return this.#internals.setHost;
     }
     set setHost(value) {
         assert.boolean(value);
-        this._internals.setHost = value;
+        this.#internals.setHost = value;
     }
     get maxHeaderSize() {
-        return this._internals.maxHeaderSize;
+        return this.#internals.maxHeaderSize;
     }
     set maxHeaderSize(value) {
         assertAny('maxHeaderSize', [is.number, is.undefined], value);
-        this._internals.maxHeaderSize = value;
+        this.#internals.maxHeaderSize = value;
     }
     get enableUnixSockets() {
-        return this._internals.enableUnixSockets;
+        return this.#internals.enableUnixSockets;
     }
     set enableUnixSockets(value) {
         assert.boolean(value);
-        this._internals.enableUnixSockets = value;
+        this.#internals.enableUnixSockets = value;
     }
     /**
     Throw an error if the server response's `content-length` header value doesn't match the number of bytes received.
@@ -1706,24 +1895,24 @@ export default class Options {
     __Note__: Responses without a `content-length` header are not validated.
     __Note__: When enabled and validation fails, a `ReadError` with code `ERR_HTTP_CONTENT_LENGTH_MISMATCH` will be thrown.
 
-    @default false
+    @default true
     */
     get strictContentLength() {
-        return this._internals.strictContentLength;
+        return this.#internals.strictContentLength;
     }
     set strictContentLength(value) {
         assert.boolean(value);
-        this._internals.strictContentLength = value;
+        this.#internals.strictContentLength = value;
     }
     // eslint-disable-next-line @typescript-eslint/naming-convention
     toJSON() {
-        return { ...this._internals };
+        return { ...this.#internals };
     }
     [Symbol.for('nodejs.util.inspect.custom')](_depth, options) {
-        return inspect(this._internals, options);
+        return inspect(this.#internals, options);
     }
     createNativeRequestOptions() {
-        const internals = this._internals;
+        const internals = this.#internals;
         const url = internals.url;
         let agent;
         if (url.protocol === 'https:') {
@@ -1750,9 +1939,20 @@ export default class Options {
                 passphrase: object.passphrase,
             }));
         }
+        const unixSocketPath = getUnixSocketPath(url);
+        if (usesUnixSocket(url) && !internals.enableUnixSockets) {
+            throw new Error('Using UNIX domain sockets but option `enableUnixSockets` is not enabled');
+        }
+        let unixSocketGroups;
+        if (unixSocketPath !== undefined) {
+            unixSocketGroups = /(?<socketPath>.+?):(?<path>.+)/.exec(`${url.pathname}${url.search}`)?.groups;
+        }
+        const unixOptions = unixSocketGroups
+            ? { socketPath: unixSocketGroups.socketPath, path: unixSocketGroups.path, host: '' }
+            : undefined;
         return {
             ...internals.cacheOptions,
-            ...this._unixOptions,
+            ...unixOptions,
             // HTTPS options
             // eslint-disable-next-line @typescript-eslint/naming-convention
             ALPNProtocols: https.alpnProtocols,
@@ -1760,7 +1960,7 @@ export default class Options {
             cert: https.certificate,
             key: https.key,
             passphrase: https.passphrase,
-            pfx: https.pfx,
+            pfx,
             rejectUnauthorized: https.rejectUnauthorized,
             checkServerIdentity: https.checkServerIdentity ?? checkServerIdentity,
             servername: https.serverName,
@@ -1790,33 +1990,24 @@ export default class Options {
         };
     }
     getRequestFunction() {
-        const url = this._internals.url;
-        const { request } = this._internals;
-        if (!request && url) {
-            return this.getFallbackRequestFunction();
-        }
-        return request;
-    }
-    getFallbackRequestFunction() {
-        const url = this._internals.url;
-        if (!url) {
-            return;
-        }
-        if (url.protocol === 'https:') {
-            if (this._internals.http2) {
-                if (major < 15 || (major === 15 && minor < 10)) {
-                    const error = new Error('To use the `http2` option, install Node.js 15.10.0 or above');
-                    error.code = 'EUNSUPPORTED';
-                    throw error;
-                }
-                return http2wrapper.auto;
+        const { request: customRequest } = this.#internals;
+        if (!customRequest) {
+            return this.#getFallbackRequestFunction();
+        }
+        const requestWithFallback = (url, options, callback) => {
+            const result = customRequest(url, options, callback);
+            if (is.promise(result)) {
+                return this.#resolveRequestWithFallback(result, url, options, callback);
             }
-            return https.request;
-        }
-        return http.request;
+            if (result !== undefined) {
+                return result;
+            }
+            return this.#callFallbackRequest(url, options, callback);
+        };
+        return requestWithFallback;
     }
     freeze() {
-        const options = this._internals;
+        const options = this.#internals;
         Object.freeze(options);
         Object.freeze(options.hooks);
         Object.freeze(options.hooks.afterResponse);
@@ -1835,4 +2026,126 @@ export default class Options {
         Object.freeze(options.retry.methods);
         Object.freeze(options.retry.statusCodes);
     }
+    #createHeadersProxy() {
+        return new Proxy(this.#internals.headers, {
+            get(target, property, receiver) {
+                if (typeof property === 'string') {
+                    if (Reflect.has(target, property)) {
+                        return Reflect.get(target, property, receiver);
+                    }
+                    const normalizedProperty = property.toLowerCase();
+                    return Reflect.get(target, normalizedProperty, receiver);
+                }
+                return Reflect.get(target, property, receiver);
+            },
+            set: (target, property, value) => {
+                if (typeof property === 'string') {
+                    const normalizedProperty = property.toLowerCase();
+                    assertValidHeaderName(normalizedProperty);
+                    const isSuccess = Reflect.set(target, normalizedProperty, value);
+                    if (isSuccess) {
+                        markHeaderAsExplicit(this.#explicitHeaders, this.#trackedStateMutations, normalizedProperty);
+                    }
+                    return isSuccess;
+                }
+                return Reflect.set(target, property, value);
+            },
+            deleteProperty: (target, property) => {
+                if (typeof property === 'string') {
+                    const normalizedProperty = property.toLowerCase();
+                    const isSuccess = Reflect.deleteProperty(target, normalizedProperty);
+                    if (isSuccess) {
+                        this.#explicitHeaders.delete(normalizedProperty);
+                        trackStateMutation(this.#trackedStateMutations, normalizedProperty);
+                    }
+                    return isSuccess;
+                }
+                return Reflect.deleteProperty(target, property);
+            },
+        });
+    }
+    #getFallbackRequestFunction() {
+        const url = this.#internals.url;
+        if (!url) {
+            return;
+        }
+        if (url.protocol === 'https:') {
+            if (this.#internals.http2) {
+                if (major < 15 || (major === 15 && minor < 10)) {
+                    const error = new Error('To use the `http2` option, install Node.js 15.10.0 or above');
+                    error.code = 'EUNSUPPORTED';
+                    throw error;
+                }
+                return http2wrapper.auto;
+            }
+            return https.request;
+        }
+        return http.request;
+    }
+    #callFallbackRequest(url, options, callback) {
+        const fallbackRequest = this.#getFallbackRequestFunction();
+        if (!fallbackRequest) {
+            throw new TypeError('The request function must return a value');
+        }
+        const fallbackResult = fallbackRequest(url, options, callback);
+        if (fallbackResult === undefined) {
+            throw new TypeError('The request function must return a value');
+        }
+        if (is.promise(fallbackResult)) {
+            return this.#resolveFallbackRequestResult(fallbackResult);
+        }
+        return fallbackResult;
+    }
+    async #resolveRequestWithFallback(requestResult, url, options, callback) {
+        const result = await requestResult;
+        if (result !== undefined) {
+            return result;
+        }
+        return this.#callFallbackRequest(url, options, callback);
+    }
+    async #resolveFallbackRequestResult(fallbackResult) {
+        const resolvedFallbackResult = await fallbackResult;
+        if (resolvedFallbackResult === undefined) {
+            throw new TypeError('The request function must return a value');
+        }
+        return resolvedFallbackResult;
+    }
 }
+export const snapshotCrossOriginState = (options) => ({
+    headers: { ...options.getInternalHeaders() },
+    username: options.username,
+    password: options.password,
+    body: options.body,
+    json: options.json,
+    form: options.form,
+    bodySnapshot: cloneCrossOriginBodyValue(options.body),
+    jsonSnapshot: cloneCrossOriginBodyValue(options.json),
+    formSnapshot: cloneCrossOriginBodyValue(options.form),
+});
+const cloneCrossOriginBodyValue = (value) => {
+    if (value === undefined || value === null || typeof value !== 'object') {
+        return value;
+    }
+    try {
+        return structuredClone(value);
+    }
+    catch {
+        return undefined;
+    }
+};
+const isUnchangedCrossOriginBodyValue = (currentValue, previousValue, previousSnapshot) => {
+    if (currentValue !== previousValue) {
+        return false;
+    }
+    if (currentValue === undefined || currentValue === null || typeof currentValue !== 'object') {
+        return true;
+    }
+    if (previousSnapshot === undefined) {
+        return true;
+    }
+    return isDeepStrictEqual(currentValue, previousSnapshot);
+};
+export const isCrossOriginCredentialChanged = (previousUrl, nextUrl, credential) => (nextUrl[credential] !== '' && nextUrl[credential] !== previousUrl[credential]);
+export const isBodyUnchanged = (options, previousState) => isUnchangedCrossOriginBodyValue(options.body, previousState.body, previousState.bodySnapshot)
+    && isUnchangedCrossOriginBodyValue(options.json, previousState.json, previousState.jsonSnapshot)
+    && isUnchangedCrossOriginBodyValue(options.form, previousState.form, previousState.formSnapshot);