omit: Never send or receive cookies.
same-origin: Send user credentials (cookies, basic http auth, etc..) if the URL is on the same origin as the calling script. This is the default value.
include: Always send user credentials (cookies, basic http auth, etc..), even for cross-origin calls.
https://github.com/globalpayments/globalpayments-3ds-js/blob/2175eef88ebdc864d1fb4817109f5d3b732b93e0/src/lib/make-request.ts#L20
This causes an issue in my application as my cookies are not sent in the request to check3dsVersion or initiateAuthentication
As per https://developer.mozilla.org/en-US/docs/Web/API/Request/credentials, this should be changed to 'same-origin':