diff --git a/lib/web/eventsource/eventsource.js b/lib/web/eventsource/eventsource.js
index 32dcf0e423e..17a1de7b7ba 100644
--- a/lib/web/eventsource/eventsource.js
+++ b/lib/web/eventsource/eventsource.js
@@ -2,7 +2,6 @@
 
 const { pipeline } = require('node:stream')
 const { fetching } = require('../fetch')
-const { makeRequest } = require('../fetch/request')
 const { webidl } = require('../webidl')
 const { EventSourceStream } = require('./eventsource-stream')
 const { parseMIMEType } = require('../fetch/data-url')
@@ -10,6 +9,7 @@ const { createFastMessageEvent } = require('../websocket/events')
 const { isNetworkError } = require('../fetch/response')
 const { kEnumerableProperty } = require('../../core/util')
 const { environmentSettingsObject } = require('../fetch/util')
+const { createPotentialCORSRequest } = require('./util')
 
 let experimentalWarned = false
 
@@ -160,33 +160,22 @@ class EventSource extends EventTarget {
 
     // 8. Let request be the result of creating a potential-CORS request given
     // urlRecord, the empty string, and corsAttributeState.
-    const initRequest = {
-      redirect: 'follow',
-      keepalive: true,
-      // @see https://html.spec.whatwg.org/multipage/urls-and-fetching.html#cors-settings-attributes
-      mode: 'cors',
-      credentials: corsAttributeState === 'anonymous'
-        ? 'same-origin'
-        : 'omit',
-      referrer: 'no-referrer'
-    }
+    const request = createPotentialCORSRequest(urlRecord, '', corsAttributeState)
 
     // 9. Set request's client to settings.
-    initRequest.client = environmentSettingsObject.settingsObject
+    request.client = environmentSettingsObject.settingsObject
 
     // 10. User agents may set (`Accept`, `text/event-stream`) in request's header list.
-    initRequest.headersList = [['accept', { name: 'accept', value: 'text/event-stream' }]]
+    request.headersList.set('Accept', 'text/event-stream')
 
     // 11. Set request's cache mode to "no-store".
-    initRequest.cache = 'no-store'
+    request.cache = 'no-store'
 
     // 12. Set request's initiator type to "other".
-    initRequest.initiator = 'other'
-
-    initRequest.urlList = [new URL(this.#url)]
+    request.initiator = 'other'
 
     // 13. Set ev's request to request.
-    this.#request = makeRequest(initRequest)
+    this.#request = request
 
     this.#connect()
   }
diff --git a/lib/web/eventsource/util.js b/lib/web/eventsource/util.js
index a87cc834eca..4f106bb4061 100644
--- a/lib/web/eventsource/util.js
+++ b/lib/web/eventsource/util.js
@@ -1,5 +1,7 @@
 'use strict'
 
+const { makeRequest } = require('../fetch/request')
+
 /**
  * Checks if the given value is a valid LastEventId.
  * @param {string} value
@@ -23,7 +25,36 @@ function isASCIINumber (value) {
   return true
 }
 
+function createPotentialCORSRequest (url, destination, corsAttributeState, sameOriginFallback) {
+  // 1. Let mode be "no-cors" if corsAttributeState is No CORS, and "cors" otherwise.
+  let mode = corsAttributeState === 'no cors' ? 'no-cors' : 'cors'
+
+  // 2. If same-origin fallback flag is set and mode is "no-cors", set mode to "same-origin".
+  if (sameOriginFallback && mode === 'no-cors') {
+    mode = 'same-origin'
+  }
+
+  // 3. Let credentialsMode be "include".
+  let credentialsMode = 'include'
+
+  // 4. If corsAttributeState is Anonymous, set credentialsMode to "same-origin".
+  if (corsAttributeState === 'anonymous') {
+    credentialsMode = 'same-origin'
+  }
+
+  // 5. Return a new request whose URL is url, destination is destination, mode is mode,
+  //    credentials mode is credentialsMode, and whose use-URL-credentials flag is set.
+  return makeRequest({
+    urlList: [url],
+    destination,
+    mode,
+    credentials: credentialsMode,
+    useCredentials: true
+  })
+}
+
 module.exports = {
   isValidLastEventId,
-  isASCIINumber
+  isASCIINumber,
+  createPotentialCORSRequest
 }
diff --git a/lib/web/fetch/request.js b/lib/web/fetch/request.js
index 1fb6b8a45e5..dbe809c289c 100644
--- a/lib/web/fetch/request.js
+++ b/lib/web/fetch/request.js
@@ -930,6 +930,7 @@ function makeRequest (init) {
     referrerPolicy: init.referrerPolicy ?? '',
     mode: init.mode ?? 'no-cors',
     useCORSPreflightFlag: init.useCORSPreflightFlag ?? false,
+    // TODO: is this credentials mode? https://fetch.spec.whatwg.org/#concept-request-credentials-mode
     credentials: init.credentials ?? 'same-origin',
     useCredentials: init.useCredentials ?? false,
     cache: init.cache ?? 'default',
diff --git a/test/web-platform-tests/expectation.json b/test/web-platform-tests/expectation.json
index 32d4862bd18..001ed3ffe9e 100644
--- a/test/web-platform-tests/expectation.json
+++ b/test/web-platform-tests/expectation.json
@@ -43499,11 +43499,11 @@
           "success": true
         },
         {
-          "name": "EventSource: lastEventId persists",
+          "name": "EventSource: lastEventId resets (id without colon)",
           "success": true
         },
         {
-          "name": "EventSource: lastEventId resets (id without colon)",
+          "name": "EventSource: lastEventId persists",
           "success": true
         }
       ]