diff --git a/lib/fetch/constants.js b/lib/fetch/constants.js
index f3779486d4b..2eff7596968 100644
--- a/lib/fetch/constants.js
+++ b/lib/fetch/constants.js
@@ -58,6 +58,7 @@ const requestCache = [
   'only-if-cached'
 ]
 
+// https://fetch.spec.whatwg.org/#forbidden-response-header-name
 const forbiddenResponseHeaderNames = ['set-cookie', 'set-cookie2']
 
 const requestBodyHeader = [
diff --git a/lib/fetch/response.js b/lib/fetch/response.js
index b7c673754cc..4449d364005 100644
--- a/lib/fetch/response.js
+++ b/lib/fetch/response.js
@@ -8,7 +8,7 @@ const { responseURL, isValidReasonPhrase, toUSVString } = require('./util')
 const {
   redirectStatus,
   nullBodyStatus,
-  forbiddenHeaderNames
+  forbiddenResponseHeaderNames
 } = require('./constants')
 const { kState, kHeaders, kGuard, kRealm } = require('./symbols')
 const { kHeadersList } = require('../core/symbols')
@@ -366,6 +366,7 @@ function makeNetworkError (reason) {
   })
 }
 
+// https://fetch.spec.whatwg.org/#concept-filtered-response
 function filterResponse (response, type) {
   // Set response to the following filtered response with response as its
   // internal response, depending on request’s response tainting:
@@ -376,7 +377,7 @@ function filterResponse (response, type) {
 
     const headers = []
     for (let n = 0; n < response.headersList.length; n += 2) {
-      if (!forbiddenHeaderNames.includes(response.headersList[n])) {
+      if (!forbiddenResponseHeaderNames.includes(response.headersList[n])) {
         headers.push(response.headersList[n + 0], response.headersList[n + 1])
       }
     }