diff --git a/packages/core-data/src/hooks/test/use-resource-permissions.js b/packages/core-data/src/hooks/test/use-resource-permissions.js
index b7b206c3a879b..bb6c3a85c191f 100644
--- a/packages/core-data/src/hooks/test/use-resource-permissions.js
+++ b/packages/core-data/src/hooks/test/use-resource-permissions.js
@@ -24,11 +24,9 @@ describe( 'useResourcePermissions', () => {
 		registry.register( coreDataStore );
 
 		triggerFetch.mockImplementation( () => ( {
-			headers: {
-				get: () => ( {
-					allow: 'POST',
-				} ),
-			},
+			headers: new Headers( {
+				allow: 'POST',
+			} ),
 		} ) );
 	} );
 
diff --git a/packages/core-data/src/resolvers.js b/packages/core-data/src/resolvers.js
index e81b95898c0d5..73528a365c4c5 100644
--- a/packages/core-data/src/resolvers.js
+++ b/packages/core-data/src/resolvers.js
@@ -419,8 +419,7 @@ export const canUser =
 		// Optional chaining operator is used here because the API requests don't
 		// return the expected result in the native version. Instead, API requests
 		// only return the result, without including response properties like the headers.
-		const allowHeader = response.headers?.get( 'allow' );
-		const allowedMethods = allowHeader?.allow || allowHeader || '';
+		const allowedMethods = response.headers?.get( 'allow' ) || '';
 
 		const permissions = {};
 		const methods = {