diff --git a/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py b/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py
index 42b4f3f8fdcb..6a1a9900d756 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py
@@ -7,6 +7,8 @@ def main(request, response):
     return request_error
 
   response.headers.set(b"Content-Type", b"application/json")
+  response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+  response.headers.set(b"Access-Control-Allow-Credentials", "true")
 
   return "{\"continue_on\": \"resolve.html\"}"
 
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py b/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py
index 6c610e6e201d..08c28e32b794 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py
@@ -63,12 +63,16 @@ def accountsCheck(request):
     return (539, [], "Should not have Origin")
 
 def tokenCheck(request):
-  common_error = commonCheck(request)
+  common_error = commonCheck(request, b"cors")
   if (common_error):
     return common_error
   common_credentialed_error = commonCredentialedRequestCheck(request)
   if (common_credentialed_error):
     return common_credentialed_error
+  # The value of the Sec-Fetch-Site header can vary depending on the IdP origin
+  # but it should not be 'none'.
+  if request.headers.get(b"Sec-Fetch-Site") == b"none":
+    return (538, [], "Wrong Sec-Fetch-Site header")
 
   post_error = commonPostCheck(request)
   if (post_error):
@@ -86,8 +90,9 @@ def revokeCheck(request):
   if (common_error):
     return common_error
 
-  if request.cookies.get(b"cookie") != b"1":
-    return (537, [], "Missing cookie")
+  common_credentialed_error = commonCredentialedRequestCheck(request)
+  if (common_credentialed_error):
+    return common_credentialed_error
   # The value of the Sec-Fetch-Site header can vary depending on the IdP origin
   # but it should not be 'none'.
   if request.headers.get(b"Sec-Fetch-Site") == b"none":
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_account_id.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_account_id.py
index 52fb20184bc0..04e7b5b56b9e 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/token_with_account_id.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_account_id.py
@@ -7,6 +7,8 @@ def main(request, response):
     return request_error
 
   response.headers.set(b"Content-Type", b"application/json")
+  response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+  response.headers.set(b"Access-Control-Allow-Credentials", "true")
 
   account_id = request.POST.get(b"account_id")
   return "{\"token\": \"account_id=" + account_id.decode("utf-8") + "\"}"
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_auto_selected_flag.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_auto_selected_flag.py
index 93ccf3ee7e22..3e011ce788c8 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/token_with_auto_selected_flag.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_auto_selected_flag.py
@@ -7,6 +7,8 @@ def main(request, response):
     return request_error
 
   response.headers.set(b"Content-Type", b"application/json")
+  response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+  response.headers.set(b"Access-Control-Allow-Credentials", "true")
 
   is_auto_selected = request.POST.get(b"is_auto_selected")
   return "{\"token\": \"is_auto_selected=" + is_auto_selected.decode("utf-8") + "\"}"
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_http_error.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_http_error.py
index c8d95ab63d7e..05b9945ba80d 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/token_with_http_error.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_http_error.py
@@ -7,6 +7,8 @@ def main(request, response):
     return request_error
 
   response.headers.set(b"Content-Type", b"application/json")
+  response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+  response.headers.set(b"Access-Control-Allow-Credentials", "true")
   response.status = (403, b"Forbidden")
 
   return "{\"token\": \"token\"}"
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py
index 515736416f49..add634c99bb9 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py
@@ -7,6 +7,8 @@ def main(request, response):
     return request_error
 
   response.headers.set(b"Content-Type", b"application/json")
+  response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+  response.headers.set(b"Access-Control-Allow-Credentials", "true")
 
   rp_mode = request.POST.get(b"mode")
   return "{\"token\": \"mode=" + rp_mode.decode("utf-8") + "\"}"