Ran into this issue when setting the csrf-token as well as x-requested-with as default headers. To reproduce:

(def default-headers
  [["X-Requested-With" "xmlhttprequest"]
   ["X-Csrf-Token" (csrf-token)]])

(cljs-http.core/request {:method get :url "/page" :default-headers default-headers})

This results in the following request headers:

X-Csrf-Token:tzKsIB0b-abc123
X-Requested-With:tzKsIB0b-abc123

Reversing the order of the default-headers results in the request headers having "xmlhttprequest" for both values. In other words, using multiple key value pairs here results in all keys being set to the same value, whichever is last. Changing to a hashmap results in the same behavior (though the ordering isn't guaranteed).

I was able to reproduce this in test case by adding a second key/value pair in test/core/test-build-xhr.

I have made a fix that passes the test and will attach it as a pull request shortly.

Just a quick note for anyone that is bitten by this before it gets fixed/released:

For now, it works to pass in a one argument map/vector as a default-header and to pass any others in under the :headers keyword of the request itself.