diff --git a/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingAllowAllResponseTest.java b/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingAllowAllResponseTest.java
index 62d7872..23ad010 100644
--- a/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingAllowAllResponseTest.java
+++ b/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingAllowAllResponseTest.java
@@ -160,6 +160,11 @@ public final class CrossOriginResourceSharingAllowAllResponseTest {
         assertThat(response.getFirstHeader(
                 HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS).getValue())
                 .isEqualTo("Accept, Content-Type");
+        assertThat(response.containsHeader(
+                HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS)).isTrue();
+        assertThat(response.getFirstHeader(
+                HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS).getValue())
+                .isEqualTo("*");
     }
 
     @Test
@@ -178,7 +183,12 @@ public final class CrossOriginResourceSharingAllowAllResponseTest {
                 HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS)).isTrue();
         assertThat(response.getFirstHeader(
                 HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS).getValue())
-                    .isEqualTo("GET, HEAD, PUT, POST, DELETE");
+                .isEqualTo("GET, HEAD, PUT, POST, DELETE");
+        assertThat(response.containsHeader(
+                HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS)).isTrue();
+        assertThat(response.getFirstHeader(
+                HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS).getValue())
+                .isEqualTo("*");
     }
 
     @Test
diff --git a/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingResponseTest.java b/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingResponseTest.java
index c02776f..7e2790d 100644
--- a/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingResponseTest.java
+++ b/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingResponseTest.java
@@ -156,6 +156,9 @@ public final class CrossOriginResourceSharingResponseTest {
         assertThat(response.getFirstHeader(
                 HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS).getValue())
                 .isEqualTo("GET, PUT");
+        assertThat(response.getFirstHeader(
+                HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS).getValue())
+                .isEqualTo("ETag");
 
         // Allowed origin, method and header
         request.reset();
@@ -180,6 +183,9 @@ public final class CrossOriginResourceSharingResponseTest {
         assertThat(response.getFirstHeader(
                 HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS).getValue())
                 .isEqualTo("Accept");
+        assertThat(response.getFirstHeader(
+                HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS).getValue())
+                .isEqualTo("ETag");
 
         // Allowed origin, method and header combination
         request.reset();
@@ -205,6 +211,9 @@ public final class CrossOriginResourceSharingResponseTest {
         assertThat(response.getFirstHeader(
                 HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS).getValue())
                 .isEqualTo("Accept, Content-Type");
+        assertThat(response.getFirstHeader(
+                HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS).getValue())
+                .isEqualTo("ETag");
     }
 
     @Test
@@ -248,6 +257,9 @@ public final class CrossOriginResourceSharingResponseTest {
         assertThat(response.getFirstHeader(
                 HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS).getValue())
                 .isEqualTo("Accept, Content-Type");
+        assertThat(response.getFirstHeader(
+                HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS).getValue())
+                .isEqualTo("ETag");
         assertThat(response.getFirstHeader(
                 HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS))
                 .isNull();
@@ -270,6 +282,9 @@ public final class CrossOriginResourceSharingResponseTest {
         assertThat(response.getFirstHeader(
                 HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS).getValue())
                     .isEqualTo("GET, PUT");
+        assertThat(response.getFirstHeader(
+                HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS).getValue())
+                .isEqualTo("ETag");
     }
 
     @Test
@@ -280,6 +295,8 @@ public final class CrossOriginResourceSharingResponseTest {
                 .isEqualTo(HttpStatus.SC_OK);
         assertThat(response.containsHeader(
                 HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)).isFalse();
+        assertThat(response.containsHeader(
+                HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS)).isFalse();
     }
 
     private static String createRandomContainerName() {
diff --git a/src/test/resources/s3proxy-cors.conf b/src/test/resources/s3proxy-cors.conf
index b86b7d3..9a5542b 100644
--- a/src/test/resources/s3proxy-cors.conf
+++ b/src/test/resources/s3proxy-cors.conf
@@ -9,6 +9,7 @@ s3proxy.keystore-password=password
 s3proxy.cors-allow-origins=https://example\.com https://.+\.example\.com https://example\.cloud
 s3proxy.cors-allow-methods=GET PUT
 s3proxy.cors-allow-headers=Accept Content-Type
+s3proxy.cors-exposed-headers=ETag
 
 jclouds.provider=transient
 jclouds.identity=remote-identity