diff --git a/config/http/middleware/handlers/cors.json b/config/http/middleware/handlers/cors.json
index b5cc6cfa6..ab2fb894d 100644
--- a/config/http/middleware/handlers/cors.json
+++ b/config/http/middleware/handlers/cors.json
@@ -19,7 +19,8 @@
         "Accept-Patch",
         "Location",
         "MS-Author-Via",
-        "Updates-Via"
+        "Updates-Via",
+        "WAC-Allow"
       ]
     }
   ]
diff --git a/test/integration/Middleware.test.ts b/test/integration/Middleware.test.ts
index 9d7feb393..c536bd3c1 100644
--- a/test/integration/Middleware.test.ts
+++ b/test/integration/Middleware.test.ts
@@ -111,6 +111,12 @@ describe('An http server with middleware', (): void => {
     expect(exposed.split(/\s*,\s*/u)).toContain('MS-Author-Via');
   });
 
+  it('exposes the WAC-Allow header via CORS.', async(): Promise<void> => {
+    const res = await request(server).get('/').expect(200);
+    const exposed = res.header['access-control-expose-headers'];
+    expect(exposed.split(/\s*,\s*/u)).toContain('WAC-Allow');
+  });
+
   it('exposes the Updates-Via header via CORS.', async(): Promise<void> => {
     const res = await request(server).get('/').expect(200);
     const exposed = res.header['access-control-expose-headers'];