diff --git a/src/aioweb_tls/backends.py b/src/aioweb_tls/backends.py
index be56b88..a1ba284 100644
--- a/src/aioweb_tls/backends.py
+++ b/src/aioweb_tls/backends.py
@@ -170,8 +170,19 @@ class Noble:
             self._updated = True
 
     def create_session(self, headers, timeout, **kwargs):
-        """build the noble_tls Session"""
-        return noble_tls.Session(client=self.client, **kwargs)
+        """build the noble_tls Session, honoring session-default headers + timeout
+
+        noble_tls.Session takes neither headers nor timeout in its constructor, so
+        aioweb's session-default headers (and the coerced timeout) are applied after
+        construction — matching CurlCffi, which passes both through. without this a
+        TLSSession(backend=Noble(...), headers=...) would silently drop the headers.
+        """
+        session = noble_tls.Session(client=self.client, **kwargs)
+        if headers:
+            session.headers.update(headers)
+        if timeout is not None:
+            session.timeout_seconds = timeout
+        return session
 
     async def raw_request(self, session, method, url, **kwargs) -> Response:
         """send via noble_tls and adapt the result into an aioweb.Response"""