Allow cookie related headers in incoming requests

On the web, the `set-cookie` and `set-cookie2` are stripped from incoming responses when a response is shown to the user. For servers, this does not make sense because they do not have a cookie jar that would automatically handle these cookies.

We should allow reading these headers.